Published on September 19th, 2020 | by Sumit Bhowal
Online Business Owners: Audit Your Information Security with These 5 Tech Tips
With safety concerns still paramount for shoppers in 2020, consumers are more willing than ever to take their purchasing activities online. For the first seven months of the year, ecommerce activity has been up 55% from 2019. If you own an online business, you should be considering ways to take advantage of the increased affinity for ecommerce, but you should also start thinking about improving your business’s security. Primarily online businesses have a unique risk profile that will shape your approach. Read on to learn how you can provide the secure shopping experience customers expect.
Secure Customer and Employee Accounts
It’s not easy to convince consumers already frustrated by the complexity of having and remembering multiple passwords to use the convoluted password-generating methods considered best practices. Many people ignore these requirements and reuse the same simple, guessable passwords for multiple accounts, and these easily guessed passwords are a major vulnerability for most organizations. Worse yet, even good passwords can be stolen. Dozens of high-profile businesses have been victims of data breaches, compromising millions of people’s login credentials and personal information. With many of their clients repeating passwords elsewhere, unrelated accounts are often imperiled as well.
Online businesses can secure accounts for employees and customers by using multi-factor authentication solutions. In digital security parlance, users have to provide one of three credentials to log into an account: something they know, or knowledge; something they have, or possession; or something they are, or inherence. Passwords, which fit into the knowledge category, are the most common verification tools. MFA requires users to provide at least one other credential. Possession, for instance, includes your smartphone; if you’ve ever entered a unique code that a website texted you to log into an account, you’ll be familiar with this category. Inherence describes biometric data, like facial recognition, fingerprint scans, or voice identification. Picking two of these categories that work for your business is an excellent way to increase security without making the login process too onerous.
Adopt Industry Standards for Hosting and Payment
Of the many pieces of personal information that customers fear will be compromised when they shop online, banking and credit card data are often top-of-mind. As an ecommerce business owner, you need to provide a safe environment where customers feel confident giving out sensitive information, and this is doubly important if you retain any payment data for customers. Unless you’re responsible for programming and maintaining your entire website, all you’ll need to do is ensure that your store is hosted by a service that complies with the Payment Card Industry Data Security Standard. Web hosts usually list this feature as “PCI-compliant hosting.” If you can’t confirm this on your host’s website, don’t hesitate to contact them to check.
You should also check to see if your website’s address is prefixed with HTTP or HTTPS. You may be familiar with Hypertext Transfer Protocol, or HTTP, but secured HTTP, or HTTPS, uses encryption to protect data moving between your customer’s browser and your site. If you’re not using HTTPS, how you upgrade depends on how you built the site. For business owners using popular codeless sitebuilders like Shopify, Wix, or Squarespace, you can follow the steps they outline for converting to HTTPS. If a developer built your site, contact them to begin the process of obtaining and connecting the security protocols you’ll need to use HTTPS.
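The address-bar check above covers only the page itself. As an added example (not part of the original article), this Python sketch goes one step further and also flags forms and embedded resources on a page that still use plain HTTP; the shop.example and cdn.example URLs and the sample HTML are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Attribute that makes the browser send or fetch data, per tag.
URL_ATTRS = {"form": "action", "script": "src", "img": "src", "iframe": "src"}

class InsecureRefFinder(HTMLParser):
    """Collects form targets and resources that resolve to plain http://."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []  # list of (tag, absolute_url)

    def handle_starttag(self, tag, attrs):
        attr = URL_ATTRS.get(tag)
        if attr is None:
            return
        value = dict(attrs).get(attr)
        if tag == "form" and not value:
            value = self.page_url  # a form without an action submits to the page URL
        if not value:
            return
        # Resolve relative and scheme-relative (//host/path) references.
        absolute = urljoin(self.page_url, value)
        if urlparse(absolute).scheme == "http":
            self.findings.append((tag, absolute))

def audit_page(page_url, html):
    """Return (kind, url) pairs for everything on the page served over HTTP."""
    findings = []
    if urlparse(page_url).scheme != "https":
        findings.append(("page", page_url))
    finder = InsecureRefFinder(page_url)
    finder.feed(html)
    return findings + finder.findings

# Constructed sample: an HTTPS checkout page that still posts card data over HTTP.
SAMPLE_URL = "https://shop.example/checkout"
SAMPLE_HTML = """
<html><head>
<script src="/static/cart.js"></script>
<script src="http://cdn.example/tracker.js"></script>
</head><body>
<form action="http://shop.example/pay" method="post"><input name="card_number"></form>
<img src="//img.example/logo.png">
<form method="post"><input name="email"></form>
</body></html>
"""

if __name__ == "__main__":
    for kind, url in audit_page(SAMPLE_URL, SAMPLE_HTML):
        print(f"insecure {kind}: {url}")
```

A page can show HTTPS in the address bar and still submit a payment form over HTTP, which is why the form target is checked separately from the page address.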
Invest in Network Protections
Protecting customers while they shop isn’t the only security responsibility you have when you run an ecommerce business. Your company’s internal network and connected computers, along with the rest of your website, will benefit from a security audit. Businesses have numerous exposures, so take a comprehensive approach to securing both your website and local network. Programs that scan and excise viruses are an excellent start, but you’ll also want to invest in penetration testing for your website to see where additional work is needed. If your business handles proprietary knowledge, customer data, or other sensitive information, it’s likely well worth the expense of seeking out a qualified consultancy for this task.
By contrast, you can get started with securing your company Wi-Fi network immediately. Everyone who uses company Wi-Fi should be required to log in, and it’s best to change both the network name and password quarterly. Use the WPA2 protocol to secure logins to the network. Finally, don’t leave the password or SSID written down anywhere near your modem or other networking devices; it’s a simple vulnerability that anyone who enters your company’s offices can exploit.
Implement Office-Wide Email Security Practices
If you or an employee interact with an email that came from a hacker, all your security efforts could be for nothing. Simply reading emails won’t expose your data, but opening unverified links or attachments can be risky. Phishing emails include links to websites that mimic services your business uses and ask for login information. Once you enter it, you’ve shared your account information with a hacker. Attachments can be even more dangerous, as downloading files often allows bad actors to install malware on your computer immediately. To prevent these issues, be sure that everyone in your office knows that it’s company policy to run virus scans on email attachments and ignore attachments and emails from suspicious sources.
Make Backups a Habit
If your business is compromised by a cyberattack, the first step in getting back on your feet is installing your most recent clean backup on a new system. Because backing up data can be costly, time-consuming, and inconvenient, many business owners backburner the process until it’s too late. Don’t be one of them! Losing your business data will cause headaches for tax preparation, asset management, and more. Happily, it’s not as difficult to make backups as it once was. Whether you use cloud-based services, hard copy backups, or distributed storage, make sure that any server hosting your backups is redundant, so even if one fails, you won’t lose your data. There’s no way around the importance of backups, so put this on your to-do list today.
Information security is a more important part of running a business than ever, but even if you aren’t an IT professional, you can still use robust security tools and best practices to keep your business running so it can safely welcome customers for years to come.