eCommerce Over Coffee Webinar: How to Win B2B eCommerce with Magento (plus free coffee)REGISTER NOW
Think, for a moment, about the incredibly important customer information that helps
power your eCommerce business…sales records, client names, mailing addresses, credit
card numbers, purchase histories, etc. Now consider what could happen if this
information was compromised because your site was hacked. The hard truth is that both your sales and reputation might be damaged beyond repair. You need website security!
This is why it’s crucial to protect your information against attacks. So let’s dive deeper into the world of eCommerce security to better understand the risks and possible solutions.
The first—and possibly most important—thing you need to know is that your website is not a set-it-and-forget-it situation. That may work with the Ronco Showtime Rotisserie, but it is never wise to assume your eCommerce site requires no additional attention after it’s up and running. Ongoing security reviews are a critical measure for every eCommerce site.
What Can I Do To Increase My Website Security?
Let’s start with a couple basics.
To start, enforce secure password protocol with your customers. In other words, force them to create passwords that contain numbers, symbols, and uppercase letters. You should also require a minimum length.
This simple step truly helps protect your customers’ information…and quite possibly your reputation as a trustworthy business.
Amit Bhaiya, founder and CEO of DotcomWeavers, also recommends two-step authentication for customers logging in. “It sounds very technical, but it’s actually very simple. Essentially, any customer attempting to sign in from an unfamiliar location will receive a verification code to their mobile phone or email. That code must then be put in to the login page. If the code is added correctly, they can access to their account. If an incorrect code is added, the sign-in attempt is denied.”
Now for a couple more complicated steps.
Keep your third-party plugins and the associated code up-to-date. One of the most recent examples of the potential for plug-in problems centers on Magento, a leading platform for open commerce innovation.
Magento is an absolutely amazing company, but they started to worry about security when they received customer complaints about unauthorized credit card transactions.
According to Sucuri, hackers added 50 extra lines of code to the Magento code. The “extras” caused all the information submitted by a customer during checkout to be sent to a third-party site. Magento had been compromised.
Knowing that Magento provides plug-ins for hundreds, if not thousands, of eCommerce sites, it’s certainly wise pay attention to the code that runs your site.
Secure Sockets Layer (SSL) is another important website security measure that can help prevent hackers from infiltrating your site. According to Bhaiya, SSL is an online protocol that secures the communications between your customers’browsers and your website. “Technically speaking, it establishes an encrypted link that allows sensitive information—like the name and number on a credit card—to be transferred securely. Without it, your eCommerce site is an easy target for hackers.”
Does your site have SSL? If not, Bhaiya says the protocol should be added immediately. If you’re not sure if SSL is part of your site’s protocol, reach out to the organization that built your site and ask for clarification.
As a third step, Bhaiya also highly recommends a vulnerability scanning. Although there are a variety of available resources to help run the scan,the end goal is to idenfity security vulnerabilities in your website.
“These scans are based on knowledge of security flaws that can be exploited by hackers,” Bhaiya explains. “The scan tests for these flaws and then generates a report based on what was uncovered. Once the flaws have been identified, the data that runs your website can be tightened to further minimize your risk.”
A secure website is crucial to the success of your business. Without the proper website security measures in place, your site is at greater risk for viruses, destructive add-ons to your code, stolen customer data…and your reputation as a trustworthy business—the one you’ve worked so hard to build—can be lost in an instant.
If you’d like to speak with a professional about protecting your eCommerce site from unwanted attacks, contact DotcomWeavers at [email protected] or 888.315.6518.