Think about when you leave the house without an umbrella. It almost always rains. But when you actually remember to grab your umbrella, you get clear skies.
The same is true with security for your eCommerce store. If you don’t take the time to create security measures, you’ll kick yourself for skimping on security earlier if you’re hacked. Don’t think “that will never happen to me”.
Security is abundantly important for every online retailer. But when starting your store, it can be easy to see strict security as a minute detail rather than the priority that is is. Here are a few simple and actionable things to do when considering security for your new eCommerce site.
1) Chose your host wisely
First things first, if you are trying to prioritise security, so should your host. Choose a reliable and trustworthy host. Make sure it’s reputable and very clearly values security.
A host’s security information should be very obvious on their site. Look for hosts that:
- Monitor and prevent attacks.
- Have recent server software. You want a host with the most up-to-date software.
- Isolate infections/hacks. In order to avoid the spread of viruses to other sites on the same shared server, you want a host that can stop an infection or hack in its tracks.
2) Pick passwords with intention
You knew this would be on the list. Yes, most of the time a site will not accept a password unless it fulfils certain requirements. This is because similar to you, sites benefit from their customers creating strong passwords.
However, people still brush over password creation time and time again. When building your password ensure you check for the following:
- A mixture of capital and lowercase letters, numbers and symbols.
- You don’t use the same password for every account. Once you password for one account is found out, all other accounts can be accessed.
- Your password is LONG. Password length does matter. As the length of password grows, so does the difficulty in hacking it.
- Don’t use go-to passwords. Your birthday, your anniversary and even your dog’s name can all be figured out. It is recommended to even avoid dictionary words.
- How long your password has been your password. The industry standard is to change your password every 90 days, but don’t let that stop you from doing it more frequently.
On the flip side, you should be requiring strong passwords from your customers as well. Hold your customers to the same security standards you hold yourself to. It is your responsibility to make sure your store is as protected as possible.
3) Store your passwords safely
Thinking that your passwords are now much too complex to remember? Think again.
You don’t have to remember them yourself. There are many secure plugins that house passwords safely.
At Shoprocket, we use Passopolis, a plugin that stores the login credentials to the tools and services that we use. By using this, we are also able to use a password generator, so we don’t even know our password. Everything is encrypted and managed for you.
Worried that you can’t find a service or way to store your passwords securely? Best to not do it online at all.
4) Put up a strong Firewall
A firewall is a hardware or software system between two or more networks, that allows authorised access and prevents unauthorised or malicious traffic to enter a network or system.
This is especially important for eCommerce websites because they receive a large amount of inbound traffic. Firewalls monitor that traffic, protecting your system from the inside out.
A well-configured firewall can also protect from attacks designed to overwhelm your system and block any legitimate requests, called DoS and DDos. The most effective types of firewalls for online retailers are gateways or proxy firewalls.
5) Embrace the two-factor authentication option
Two-factor authentication (aka 2FA) is a great option to increase the security of your login access. It is a second level of security beyond the password and it typically includes using your smartphone.
One useful tool for this is Google Authenticator. It generates a code or a barcode and sends it to your smartphone. In order to access your store, you have to input both your password and the code. Here hackers and viruses will not be able to physically validate your login.
6) Use Encryption software
Besides encrypting transmitted confidential information between the website and browsers, you should also maintain encrypted algorithms to keep hackers away from your code. This really goes for any sensitive information. Better safe than sorry.
Ensuring server security is a must. The industry security technology standard for establishing an encrypted link between a web server and a browser is SSL (Secure Sockets Layer). All information passed between the server and browser remains private and protected. The ability to instal an SSL connection, you’ll need an SSL certification. This is basically mandatory for all online stores. For free SSL that is super easy to set up, try CloudFlare. For those more technologically-savvy, check out Let’s Encrypt.
HTTPS is the version of HTTP that is secure, hence the added “S”. It indicates that all communications between the browser and server are encrypted, providing a secure channel in an insecure network. HTTPS typically uses SSL protocols for the encryption, and when you request an HTTPS connection, you will need your SSL certification. We advise stores to use HTTPS across their whole site. And if that’s not enough of incentive, Google also recommends it!
7) Research other helpful tools
For example:
- JetPack Protect: prevents brute force logins and gives you data on what sources are trying to hack you.
- VaultPress: software that provides automatic, live backups and restores, daily security checks for suspicious code, protection from spam in review and comments
- There are a number of free site scanning tools that detect vulnerabilities. These include:
- Quttera
- SUCURI
- Google Malware Checker
- Metascan
- WebInspector
8) Don’t ignore your updates
We’re all guilty of it. But it is one of the easiest things to do. Set a schedule for yourself to block out the time to update. Why is this important? Updates often include additional security measures that deal with the most relevant attack strategies.
9) Do ignore suspicious emails and Wi-fi options
Opening a suspicious email could unleash a virus in your server. Best to delete anything you think looks a bit off. On a similar note, make sure you are only using familiar or trustworthy wifi networks. Logging in with your credentials over a hackable network makes you vulnerable.
10) Educate employees
You can only do so much to protect your online store if your employees are disregarding these best practices. Make sure you review these ideas with your team. As they are also probably privy to administration credentials, they are just as responsible for protecting them.
Ensure they know how to handle sensitive data and customer information. They should never be sharing that information through anything but secure communication channels.
Furthermore, your whole company is responsible for protecting your customers’ information as well. Do not let a lack of emphasis on security lose you their trust.
Here’s the rundown:
- Chose a host that is as focused on security as you’re trying to be.
- Pick passwords wisely and force your employees and customers to follow suit.
- Put up a strong firewall.
- Store your passwords safely or not at all.
- Seriously look into 2FA as an option.
- Encrypt, encrypt, encrypt.
- Look into all the useful tools out there- but don’t trust just anyone, do your research!
- Don’t ignore updates.
- Do ignore sketchy emails and Wi-fi networks.
- Educate your employees.
We know this can sound daunting. In fact, it’s one of the reasons why we created Shoprocket, so you can focus on selling, whilst we manage everything else.