Securing your online store and protecting your customers are important and ongoing tasks. Take a look at some steps to consider when setting up and running an online business.
1. Basic hygiene
Keep your devices and software up to date.
Use strong and unique passwords for your accounts.
Make sure you have antivirus and a firewall installed, running and up to date on all your systems and devices.
- Set up multi-factor authentication (MFA) on your accounts wherever available.
2. Remain aware and vigilant
Stay up to date on any security advice, vulnerabilities and patches for the hardware and software that you use to operate your business.
- If you use a service provider, make sure you get assurances that they will keep your system and services up to date and operational.
3. Choose robust and reputable providers
Enquire about any cyber security assurance exercises your providers may have in place, and how often they do it.
Acquire any technical reports that highlight evidence of their annual or frequent security assessments.
- Do the developers follow secure coding practices and what standards do they adhere to during development?
4. Recovery planning and backups
Have incident management, recovery and continuity plans in place. Be prepared for incidents when they occur to recover and resolve any issues in a suitable time frame.
Test your plans to ensure the organisation’s relevant staff members are aware of the processes involved and to identify any potentially unforeseen problems.
- Ensure your website and data is regularly backed up so you can restore them in the event of an incident.
5. Website and payment gateway security
Set up SSL/TLS certificates (https) for your website, especially for any webpages that handle personal/sensitive information such as payments or contact forms.
- If you are maintaining your own website domain, remember to renew your certifications and contracts for third party services.
6. Cyber security and awareness training
A cyber-aware culture in your organisation is a very important aspect to consider.
- Staff should be regularly trained on cyber security and advised of current trends they might encounter whilst at work and at home.
7. Security plugins
Security plugins are a simple way to enforce security protection on your website. They can protect against a multitude of cyber-attacks.
Always install extensions only from trusted sources and keep them up-to-date.
- Do not install any extensions or software links received through suspicious emails.
8. Device and system control
Restrict the functionality of every device, operating system and application to the minimum needed for the business to function.
Access to systems, software and services should be limited to only those who need it. Ensure access is revoked for any staff leaving the organisation.
- Use multi-factor authentication (MFA) for your accounts wherever possible.
9. Fraud protection
It is recommended to use reputable platform service providers or developers to set up your online store. Ensure they can provide you with adequate fraud prevention tools to assist in identifying and stopping fraudulent activity.
Your payment gateway service provider will also be able to help with anti-fraud tools and advice.
10. Data protection
You must ensure your company is GDPR compliant. You may be storing more information about your customers than you would if you were operating a traditional bricks-and-mortar business so you should be sure that you (and any third parties) are handling this data securely.
With the introduction of GDPR, a data breach can result in large fines, not to mention the loss of reputation and trust in your organisation. Make sure you have a data breach response plan in place to minimise damage and speed up recovery in the event of a data breach.