Security Tips for Online Retailers


As an online retailer, you’ve doubtlessly been made aware of the importance of security. If you take credit / debit card payments on your website, you or your web host / developer will have ensured you are PCI-DSS compliant, and you may have become aware of the importance of SSL certificates, how EV certificates increase security and more semi-important technobabble.

There are, however, a number of simple steps you can take to ensure your shop is secure, and a lot of them aren’t actually that technical at all. Here are our top tips for keeping your store secure; like many things, it begins at home.

1) Switch off and unplug

We’re not beating the drum of the eco-friendlies here, although this is also a great way to save energy and reduce your energy bill. But if you have a desktop computer, switching it off each night and turning off the router is a really good way to keep everything secure.

There’s no real reason to have overnight internet unless you need to leave something downloading. If you want to be able to browse the web on your phone as soon as you wake up, consider buying a timer switch and plugging your router into it. This can turn the internet back on for you in the morning, much like your hot water boiler gets ready for its morning shower.

2) Use Google Authenticator

Most banks today issue physical devices that generate one-time passwords for use when logging into Internet banking, but did you know that a lot of online services support the use of a virtual version of this technique? Search the App Store or Google Play for ‘Google Authenticator’ by Google.

Check with your online store provider to see if this two-step authentication, sometimes referred to as Multi-Factor Authentication (MFA) or Time-based One-Time Passwords (TOTP), is supported. Your email provider, your web host or other online apps that you use may also support this – extra benefits!

3) Only use your own Wi-Fi for Business

You’re at the shopping centre after work and suddenly realise you’ve not done something on your store. You’ve got patchy 3G, and notice that free Wi-Fi is available at the coffee shop. Where’s the risk in a quick latte and free Wi-Fi? The free Wi-Fi hotspot itself could have been compromised.

While relatively rare, this form of hacking involves the attacker ‘taking over’ the Wi-Fi device at a location by either logging into it or using a hacking tool such as ‘Wi-Fi Pineapple’. This tool can allow a hacker to convert a Wi-Fi hotspot into something known as a ‘Honeypot’ that can store traffic for later scanning or can divert users to fraudulent websites.

4) Keep Sensitive Data Safe

If you have a folder containing your company’s supplier contracts, HR documents, cash flow forecasts or other sensitive information, consider placing this on an external drive such as a USB pen drive or Thunderbolt drive and storing this as carefully as you would a physical copy of the information. Imagine what you would do if your hard drive died, or you lost your laptop.

5) Backup

On a related note, for less sensitive information an online backup and file-sharing service such as Dropbox may be a good service to look at. This allows you to automatically mirror changes to files in selected directories on your computer to the cloud, meaning if the worst did happen you’re protected.

6) Close unused accounts and ask services to remove you

Many applications for business offer free trial periods without asking for card information. As business people we sign up for these trials on perhaps a weekly basis as we search for tools to better our businesses. When the trial is over, what happens to our account? Does it get removed, or does our potentially sensitive information remain behind?

Our advice is that if you aren’t going to be using a service, ask them to completely remove you from their systems / database. This ensures that, should the worst happen and the software provider be compromised, it won’t impact you.

These are just some of the simple ways that you can boost your security, as an online retailer or indeed in any realm of business. If you’ve got any good tips that you think we’ve missed, feel free to add them in the comments section below!