This article was published on November 28, 2017

How to keep your ecommerce business from being hacked this holiday season

George Beall

New data from cyber security software provider Symantec and ecommerce platform BigCommerce indicates that the cost of a data breach to an ecommerce retailer could be as much as $172 per record compromised, with the cost to retailers continuing to rise right alongside the likelihood that businesses will experience an attack. These cyber attacks are more than just annoying; they have the potential to completely devastate your business.

The most damaging effect of a hack is that it compromises your consumers’ trust in you. In a OnePoll study of over 2,000 respondents, nearly 87% of consumers stated they were “not at all likely” or “not very likely” to do business with a company that had suffered a data breach involving leaked credit or debit card details. These staggering numbers were only slightly lower when the leaked information was considered less sensitive, like email addresses or telephone numbers.

Clearly, protecting your ecommerce business from hackers should be a top priority year-round; no business can risk the loss of a majority of its consumer base, not to mention the negative press that turns away potential newcomers. But it’s especially critical to take measures to protect your ecommerce business from hacks around the holidays, since the November to December timeframe is an ideal time for cybercriminals, who take advantage of the hustle and bustle of the season to hack, scam, and defraud people who are too distracted and stressed to recognize it. Hackers take advantage of the fact that businesses are less capable of monitoring suspicious activity because consumers are spending more money in a variety of different places due to traveling and other constraints of the season.

To prevent your ecommerce business from being hacked this holiday season, start by implementing the following strategies:

1. Don’t collect or store unnecessary information

It stands to reason that no one can steal what you don’t have, so don’t request, process, or store any sensitive customer information you don’t absolutely need to run your business. Not only is it completely unnecessary and risky to store thousands of credit card numbers, expiration dates, and card verification codes, it’s actually non-compliant with PCI standards.

You should aim to keep a minimal amount of data on your consumers — just enough for refunds and other operational essentials. It may be slightly less convenient for customers increasingly accustomed to one-touch payment methods, but the risk of storing all that information is not worth it for your business.
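One way to apply the advice above at the point where an order is saved, as an added example that is not part of the original article. It keeps an allowlist of fields, stores only a token and the last four digits, and refuses to save a record if a card number has slipped into any retained field; the field names, the `tok_example_123` processor token and the sample payload are assumptions constructed for illustration.

```python
import re

# Fields the store needs for fulfilment and refunds (assumed names).
ALLOWED_FIELDS = {"order_id", "email", "amount_cents", "currency"}
PAN_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")


def luhn_ok(digits: str) -> bool:
    """Return True if the digit string passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def find_card_numbers(text: str) -> list:
    """Find runs of 13-19 digits (spaces/dashes allowed) that are Luhn-valid."""
    hits = []
    for m in PAN_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if luhn_ok(digits):
            hits.append(digits)
    return hits


def minimize_order(payload: dict, processor_token: str) -> dict:
    """Build the record to persist: allowlisted fields, token, last four only."""
    record = {k: v for k, v in payload.items() if k in ALLOWED_FIELDS}
    record["payment_token"] = processor_token  # refunds go through the token
    record["card_last4"] = re.sub(r"\D", "", payload["card_number"])[-4:]
    # Fail closed if a card number slipped into any field we are keeping.
    for key, value in record.items():
        if find_card_numbers(str(value)):
            raise ValueError(f"card number found in field {key!r}")
    return record


# Constructed checkout payload; 4111 1111 1111 1111 is a well-known test number.
SAMPLE = {
    "order_id": "A-1001", "email": "shopper@example.com",
    "amount_cents": 4599, "currency": "USD",
    "card_number": "4111 1111 1111 1111", "card_exp": "12/19", "card_cvv": "123",
}

if __name__ == "__main__":
    print(minimize_order(SAMPLE, "tok_example_123"))
```

The same `find_card_numbers` scan can be run over existing order notes or log lines to find card data that was stored before the allowlist was in place.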

2. Offer secure checkout and stay PCI compliant

Make sure your online checkout system uses strong SSL authentication, since these certificates legitimize the identity of your business and encrypt the data in transit, preventing sensitive information from being stolen. Your customers will be looking for the SSL security seal and URL green bar more and more, as they are becoming more conscious of whom they entrust with their private information, and rightly so: web-based attacks have increased by 30 percent.

3. Require stronger passwords

Passwords are your first line of defense when it comes to protecting yourself online, so it’s important to choose longer, stronger, more complex passwords and to require the same of your employees and customers.

Hackers have sophisticated programs to run through simple letter and number combinations, and it just won’t take a computer program long to crack a code as complicated as “123456,” which remains one of the most popular and widely employed passwords. Require password best practices, like eight-character, alphanumeric passwords that require capitalization and special characters.

4. Just install the system updates, already 

You know that annoying notification that keeps popping up on your computer every time you get into your work groove? Yes, you do actually need to install that, preferably immediately. It can be tempting to delay software updates across all your devices, but doing so opens you up to serious threats.

Not only are providers constantly upgrading security patches and protecting you from viruses and malware with each software update, they’re also leaving a trail of known issues and weaknesses for hackers to exploit. If you’re one of the people who didn’t bother to update your systems, hackers know exactly how to access your information.  

5. Keep tabs on your employees

Unfortunately, Infosecurity Group found that internal actors were the culprits for 43 percent of data loss among companies, and of that 43 percent, about half acted intentionally, meaning that approximately 21 percent of all data loss results from malicious insiders. Keep tabs on your employees’ online actions, and be sure to control and restrict access to critical information. Most importantly, remember that just as many employees cause data breaches completely by accident, which is why it’s important to incorporate clear policies and procedures for cyber security and ensure those standards are being met.

When it comes to running an ecommerce business, nothing is more critical to your long-term financial success than preventing hacks as much as possible and being prepared to respond appropriately and effectively when security threats present themselves. The very survival of your company may depend on your cyber security strategy.
