Security for ecommerce retailers

For eCommerce retailers, security is often an afterthought. But it shouldn’t be! It’s one of the most essential parts of running your business effectively.

Your customers trust you to keep their data safe. People only want to give their money and business to companies and organisations they can trust.

An unsafe website damages people's perception of your company, so your marketing efforts won't have the same effect.

Here are some basic security practices you should use to ensure that your website is secure.

SSL Certificate

When shoppers submit data on your site, they trust you to protect their data from cybercriminals.

How do hackers steal information? Hackers commonly intercept data on an unsecured website by placing a small, undetected listening program on your website’s server. This program hides in the background waiting for a customer to begin typing in their information, then it captures the data and sends it back to the hacker.

This information can include anything from an email address or home address to your customer's bank details.

So how do you stop this from happening?

By having an SSL certificate!

SSL is the technology used to create an encrypted link between a web server and a web browser. It protects the privacy of the data passed between the web server and browser. Through this certificate, your data is hidden from ordinary people and only visible to customers and site owners.

If your site has an SSL certificate, your customer's browser forms a connection with your web server, examines the SSL certificate, and then secures the link between their browser and the server. So no one besides you and your customer can see or access the information they input.

Companies that request personal information from a user, such as an email address or payment information, should have SSL certificates on their website.

Having one means that the details you are collecting are private, and it assures customers that when they see that padlock and HTTPS://, their privacy is safe.

To find out more about SSL certificates read our guide here.

DoS and DDoS protection

A distributed denial-of-service (DDoS) attack is a type of cyber attack where a malicious actor tries to render a targeted server, service or network unavailable by overwhelming the target or its surrounding infrastructure with a flood of traffic, resulting in a denial of service to other users.

Think of a DDoS attack as a traffic jam, with an unexpected level of cars clogging up the highway and preventing regular traffic from arriving at its destination. But in this case, the unexpected internet traffic stops your customers from visiting your site.

DDoS attacks use networks of machines connected to the internet, including computers and IoT devices, which have been infected with malware, allowing them to be controlled remotely. These are more commonly known as bots; a group of these bots is called a botnet.

After establishing a botnet, the attacker can send remote instructions to each bot.

During an attack, each bot in the botnet will send requests to an IP address, which causes the server or network to be overwhelmed, resulting in a denial of service to regular traffic.

As each bot is a legitimate device, separating bot traffic from your regular traffic can take time and effort.

The easiest way to help protect yourself is to ensure all your server security is updated. Not only will this protect you against DDoS attacks, but it will also protect you against any server vulnerabilities.

It’s also important that you have a good understanding of your site’s traffic. That way, when unusual activity occurs, you can identify the symptoms of a DDoS attack.
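One way to build that understanding from your web server's access log, as an added example that is not CWCS code: it counts requests per minute, takes the median minute as the baseline, and flags minutes far above it, along with how many distinct clients were involved. The log lines are constructed sample data, and the `factor` and `min_requests` thresholds are assumptions to tune for your own site.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime
from statistics import median

# Common Log Format prefix: client IP, identity, user, [timestamp to the minute]
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[(\d{2}/\w{3}/\d{4}:\d{2}:\d{2}):\d{2} [^\]]+\]')

def per_minute(lines):
    """Return {minute: Counter(client_ip -> requests)} from access-log lines."""
    buckets = defaultdict(Counter)
    for line in lines:
        m = LINE_RE.match(line)
        if m:  # skip malformed lines instead of failing on them
            minute = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M")
            buckets[minute][m.group(1)] += 1
    return buckets

def unusual_minutes(lines, factor=5, min_requests=20):
    """Flag minutes whose request count exceeds factor x the median minute."""
    buckets = per_minute(lines)
    totals = {minute: sum(c.values()) for minute, c in buckets.items()}
    if not totals:
        return []
    baseline = median(totals.values())  # the median is not skewed by the spike itself
    threshold = max(factor * baseline, min_requests)
    return [
        {"minute": minute, "requests": n, "baseline": baseline,
         "distinct_clients": len(buckets[minute])}
        for minute, n in sorted(totals.items()) if n > threshold
    ]

def sample_log():
    """Constructed sample: 9 quiet minutes, then a burst from many clients."""
    fmt = '{ip} - - [10/Oct/2023:13:{mm:02d}:{ss:02d} +0000] "GET /checkout HTTP/1.1" 200 512'
    lines = []
    for mm in range(9):            # normal traffic: 4 requests per minute
        for i in range(4):
            lines.append(fmt.format(ip=f"192.0.2.{i + 1}", mm=mm, ss=i * 10))
    for i in range(120):           # burst: 120 requests from 60 client addresses
        lines.append(fmt.format(ip=f"198.51.100.{i % 60 + 1}", mm=9, ss=i % 60))
    return lines

if __name__ == "__main__":
    for hit in unusual_minutes(sample_log()):
        print(hit)
```

A spike spread across many distinct clients matches the botnet pattern described above, while a spike from one or two addresses is more likely a single misbehaving client or crawler.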

There is a wide range of anti-DDoS hardware and software on the market that you can use to prevent an attack from happening. Take a look at the products available at CWCS.

Ultimately, preventing a DDoS attack is much easier and cheaper than dealing with one that has caught you off guard, so it's worth investing in these extra precautions to ensure you don't fall foul of this type of attack. Ensure you're adopting best practices regarding your server security and doing what's right for your business, its website and infrastructure. Make sure you have a clear plan to follow if the worst does happen.

To find out more about DDoS attacks and how to prevent them read our article here.

Use a Firewall

Firewalls are hardware or software systems that work as a wall or gateway between two or more networks, permitting authorised traffic and blocking unauthorised and/or malicious traffic from accessing your network or system.

They protect your network from threats on the internet, for example, DDoS attacks. Since eCommerce websites have a lot of inbound traffic, you need firewalls to protect yourself from any malicious traffic entering.

The hosting you have can affect the type of firewall that you use. For managed dedicated hosting, we recommend using a Cisco threat-focused NextGen Managed Firewall (NGFW), and for those with cloud hosting, we recommend the CWCS ArcusWall.

Finally…

Talk to your hosting provider about your site’s security and how they can help you. At CWCS, we offer a range of security products. To find out more, get in touch with a member of our team. Our experts are always happy to help you choose the right solution.