Moreover, “Open source nonprofit initiatives like Let’s Encrypt offer free certificates,” says Sara Hicks, CEO, Reaction Commerce. So there’s no excuse not to get one. “And don’t let your SSL certificate expire,” she adds.
HTTP over SSL/TLS is known as HTTPS; it encrypts the traffic between a visitor's browser and your site, which is the added security.
However, “a surprising number of websites still don’t support HTTPS,” says Marc Laliberte, information security threat analyst, WatchGuard Technologies. “HTTPS protects your customers and your business from sniffing and impersonation attacks.”
For an even higher level of security, he recommends enabling HTTP Strict Transport Security (HSTS). “HSTS tells web browsers to automatically redirect HTTP requests to HTTPS and prevents users from overriding invalid certificate warnings. This reduces the possibility of fraudulent modifications to your user’s web requests and helps to prevent man-in-the-middle attacks.”
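One way a site owner can verify the HSTS setup Laliberte describes is to inspect the Strict-Transport-Security response header. The script below is an added example written for this article, not code from any of the quoted experts; the one-year minimum and the sample responses are this example's own assumptions.

```python
ONE_YEAR = 31536000  # seconds; minimum max-age this example treats as adequate (assumed)


def parse_hsts(value: str) -> dict:
    """Split a Strict-Transport-Security value into its directives (RFC 6797)."""
    policy = {"max_age": None, "include_subdomains": False}
    for directive in value.split(";"):
        name, _, arg = directive.strip().partition("=")
        name = name.strip().lower()
        if name == "max-age" and arg.strip().strip('"').isdigit():
            policy["max_age"] = int(arg.strip().strip('"'))
        elif name == "includesubdomains":
            policy["include_subdomains"] = True
    return policy


def evaluate_hsts(headers: dict, scheme: str = "https") -> list:
    """Return the weaknesses found; an empty list means the policy looks sound."""
    value = next((v for k, v in headers.items()
                  if k.lower() == "strict-transport-security"), None)
    if value is None:
        return ["no Strict-Transport-Security header"]
    policy, findings = parse_hsts(value), []
    if scheme != "https":  # browsers ignore HSTS delivered over plain HTTP
        findings.append("HSTS sent over HTTP is ignored by browsers")
    if policy["max_age"] is None:
        findings.append("max-age missing or not numeric; header is invalid")
    elif policy["max_age"] == 0:
        findings.append("max-age=0 clears the HSTS policy for this host")
    elif policy["max_age"] < ONE_YEAR:
        findings.append(f"max-age {policy['max_age']} is below one year")
    if not policy["include_subdomains"]:
        findings.append("includeSubDomains missing; subdomains stay unprotected")
    return findings


# Constructed sample responses, not captured from any real site.
SAMPLES = {
    "missing": ({"Content-Type": "text/html"}, "https"),
    "weak": ({"Strict-Transport-Security": "max-age=300"}, "https"),
    "over_http": ({"Strict-Transport-Security": "max-age=31536000; includeSubDomains"}, "http"),
    "good": ({"Strict-Transport-Security": "max-age=63072000; includeSubDomains; preload"}, "https"),
}

if __name__ == "__main__":
    for label, (hdrs, scheme) in SAMPLES.items():
        print(label, evaluate_hsts(hdrs, scheme) or "OK")
```

Feed it the headers from a real response (for example from `curl -sI https://yourshop.example`) to check your own deployment.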
4. Make sure your site is PCI DSS compliant
“If you’re processing online payments, you’ll need to make sure your site is PCI DSS compliant,” says Hicks. “Fortunately, many payment integrators, like Stripe or Braintree, encrypt and store credit card info for you, so none of the critical payment data is stored on your side.”
5. Keep your site updated
“Unpatched applications and extensions will make your ecommerce site an easy target,” says Laliberte. “Hackers love low-hanging fruit and often use automated web crawlers to look for sites with unpatched applications. Keeping your website and backend software updated with the latest security patches is the single biggest (and often simplest) step a small business can take towards stopping an attack.”
“A website that isn't completely up to date with its security patches is vulnerable to attack,” says Armstrong. “For this reason, it's imperative that ecommerce retailers ensure that all available patches have been applied to their online platforms. Stay on top of release cycles to ensure that those are always up to date,” he says. “Also [use a] firewall in front of the ecommerce store to help protect against vulnerabilities that might be discovered. This is an additional measure of protection that provides some time before patches are applied.”
6. Require strong passwords
“One way hackers can gain entrance into your site is to use a brute force hack, which basically starts putting combinations of letters into your site login, hoping to get lucky and crack your password,” explains Wiggins. “Using randomized and long passwords makes this a lot less likely.” So have employees use strong passwords, a combination of upper- and lowercase letters, numbers and symbols, or use an “online complex password generator to protect yourself.” Also have people change their passwords every 6 months, if not more often.
7. Know the signs of fraud