One of the biggest mistakes that small ecommerce merchants make with data security is assuming that they’re too insignificant to be targeted by hackers. This simply isn’t true.
According to Verizon’s 2012 Data Breach Investigations Report, 71 percent of the 855 data breaches it examined occurred with small businesses. It’s important that businesses of all sizes, in other words, arm themselves with the knowledge and tools that can protect their customer data from hackers.
I recently corresponded with data security experts across multiple segments for suggestions on how small-to-midsize ecommerce firms can protect customer information. Here are seven tips from those experts.
Think before You Collect
The best way to ensure that hackers won’t get their hands on customer data is to not have any data to steal in the first place. Marilyn Prosch, an associate professor at Arizona State University’s W.P. Carey School of Business, puts it this way, “Don’t collect data just because you can. It could very well become a liability if you lose it.”
Prosch, who helped create one of the world’s first data-privacy research labs, also noted that companies should think about how long they should keep information. “Before you decide to collect a piece of information, determine its shelf life, so you don’t keep it forever. If you don’t define this, then it very well may become data pollution, which is unnecessary data that’s potentially toxic.”
Let Third-party Providers Handle Credit Card Information
Richard Stiennon is chief security analyst for IT-Harvest, a data-security consulting firm. He says, “Never store customer credit card info.” Always use a third party processor such as Stripe, Authorize.Net, or PayPal. These providers have the security and tech muscles to take care of customer data, so it’s best to leave the handling of credit card information to them.
Use SSL on Pages that Require Customer Information
Skyler Slade, co-founder and CTO of Coefficient, a data warehousing firm, advises merchants to use SSL certificates on their checkout pages, sign-up pages, and customer login pages. “SSL prevents attackers from sniffing your customers’ web traffic and stealing their passwords and credit card info,” said Slade.
Aside from adding an extra layer of security, SSL certificates also increase customer trust. Most online shoppers have learned to associate “https” with higher security standards. Thus, having it on your site will likely build trust and make shoppers more comfortable to complete the transaction.
Arm your Site with Additional Protection
IT-Harvest’s Stiennon adds that e-tailers can further protect their sites through a web application firewall. “Trend Micro has an easy-to-deploy security suite called Deep Security On Demand that works with Amazon AWS.” The solution offers several capabilities, including anti-malware, intrusion detection and prevention, as well as reputation and integrity monitoring.”
For cloud environments, there’s CloudPassage, a software-as-a-service company that provides server security and compliance solutions to help companies securely run their business in the cloud.
For additional protection, Stiennon says businesses can use a content delivery network such as CloudFlare, which can not only block threats, but also speed up your site’s load time.
Encrypt, Encrypt, Encrypt
Always encrypt your passwords and other sensitive information as a precaution, in case the data falls into the wrong hands.
Coefficient’s Slade says that if you’re storing customer data on your computer, you should consider encrypting your hard disk as well using services such as TrueCrypt. That way, “if your laptop is ever stolen or you misplace it (like at an airport), your customer data won’t be compromised.”
Use Updated Software and Solutions
Make sure that you’re only using solutions with the most updated security practices. A good example for this is your shopping cart. According to Slade, merchants must ensure that their shopping carts have modern security standards.
“Most hosted solutions probably will [have modern security standards], but if you’re using a home-grown shopping cart, or something installed on a server that you manage, it may be using older MD5 hashed passwords. If your database is ever compromised, these passwords are easy to brute-force reverse, which can expose your users’ accounts with other services.”
Educate your Customers
Encourage your customers to take on an active role in safeguarding their data. Inform them about the information you collect as well as how you collect it. Teach them how to spot suspicious behavior on your site and then inform you, in case something goes wrong.