
Securing your online store and protecting your customers are important and ongoing tasks. Take a look at some steps to consider when setting up and running an online business.

1. Basic hygiene

  • Keep your devices and software up to date.

  • Use strong and unique passwords for your accounts.

  • Make sure you have antivirus and a firewall installed, running and up to date on all your systems and devices.

  • Set up multi-factor authentication (MFA) on your accounts wherever available.

2. Remain aware and vigilant

  • Stay up to date on any security advice, vulnerabilities and patches for the hardware and software that you use to operate your business.

  • If you use a service provider, make sure you get assurances that they will keep your system and services up to date and operational.

3. Choose robust and reputable providers

  • Enquire about any cyber security assurance exercises your providers may have in place, and how often they are carried out.

  • Acquire any technical reports that highlight evidence of their annual or frequent security assessments.

  • Do the developers follow secure coding practices and what standards do they adhere to during development?

4. Recovery planning and backups

  • Have incident management, recovery and continuity plans in place. Be prepared for incidents when they occur to recover and resolve any issues in a suitable time frame.

  • Test your plans to ensure the organisation’s relevant staff members are aware of the processes involved and to identify any potentially unforeseen problems.

  • Ensure your website and data are regularly backed up so you can restore them in the event of an incident.

5. Website and payment gateway security

  • Set up SSL/TLS certificates (HTTPS) for your website, especially for any webpages that handle personal or sensitive information, such as payments or contact forms.

  • If you are maintaining your own website domain, remember to renew your certificates and contracts for third-party services.

6. Cyber security and awareness training

  • A cyber-aware culture in your organisation is a very important aspect to consider.

  • Staff should be regularly trained on cyber security and advised of current trends they might encounter whilst at work and at home.

7. Security plugins

  • Security plugins are a simple way to enforce security protection on your website. They can protect against a multitude of cyber-attacks.

  • Only install extensions from trusted sources, and keep them up to date.

  • Do not install any extensions or software links received through suspicious emails.

8. Device and system control

  • Restrict the functionality of every device, operating system and application to the minimum needed for the business to function.

  • Access to systems, software and services should be limited to only those who need it. Ensure access is revoked for any staff leaving the organisation.

  • Use multi-factor authentication (MFA) for your accounts wherever possible.

9. Fraud protection

It is recommended to use reputable platform service providers or developers to set up your online store. Ensure they can provide you with adequate fraud prevention tools to assist in identifying and stopping fraudulent activity.

Your payment gateway service provider will also be able to help with anti-fraud tools and advice.

10. Data protection

You must ensure your company is GDPR compliant. You may be storing more information about your customers than you would if you were operating a traditional bricks-and-mortar business, so you should be sure that you (and any third parties) are handling this data securely.

With the introduction of GDPR, a data breach can result in large fines, not to mention the loss of reputation and trust in your organisation. Make sure you have a data breach response plan in place to minimise damage and speed up recovery in the event of a data breach.

 

Downloadable documents

eCommerce Security Considerations Booklet (PDF)