It’s your responsibility to protect data stored on your website.

Key talking points:

  • E-commerce sites are an attractive target for malicious hackers.
  • Yet many businesses’ sites aren’t properly safeguarded against the threat of cyberattack.
  • Company leaders can employ these seven strategies to protect their databases and keep consumer information out of the wrong hands.

If you’re old enough to have experienced life before e-commerce, you might remember hesitating before entering your credit card information online. But times and technology have changed, and today, people are much more comfortable ordering products from online retailers without so much as reentering a credit card number or confirming a CVV code.

Saving payment information makes e-commerce sites a target for cybercriminals looking to make a profit. If these criminals get access to sensitive customer data, they can use stored credit card numbers to make their own purchases or sell the numbers on the dark web. If your business has an e-commerce website, your customers could be at risk. As a website owner, you’re responsibility for keeping this private information secure.

How Cybercriminals Steal Consumer Data

Cybercriminals use various techniques to exploit databases that store valuable information like customer data and credit card numbers.

Credit card skimming, for instance, involves cybercriminals injecting code into a website that sends all submitted payment information straight into the cybercriminals’ hands. The transactions appear to go through with no errors on the customer’s end — so the customer is none the wiser until he spots suspicious activity on his bank account. This is exactly what happened to upwards of 38,000 British Airways’ customers last August, when attackers “skimmed” their credit card data via malicious JavaScript code.

Criminals may also use a tactic called credential stuffing to guess thousands of username and password combinations in the hopes that one unlocks the administrative panel of your website. It might sound like a long shot, but it’s how hackers gained access to the data of Boost Mobile’s customers just a few months ago. Instead of using random combinations of letters and numbers, hackers shop around on the dark web to find old usernames and passwords — which statistics show consumers use on multiple accounts.

How Can Businesses Keep Private Information Secure?

Cybercriminals use many different methods to extract sensitive information, but you have an arsenal of defense tools at your disposal to secure customer data. And as the owner of an e-commerce website, protecting your customers’ personal data is your responsibility. The following techniques that companies use to protect their databases can help you build a solid defense to keep consumer information out of the wrong hands:

1. Install an SSL certificate. This measure encrypts data in transit from the user’s browser to the server of the payment processing site. For example, if you’re accepting online payments through a gateway or third-party processor, such as Square, an SSL certificate will prevent hackers from stealing payment information in transit.

2. Use a web application firewall. WAFs monitor traffic and halt malicious attempts that may exhaust your server resources. Look for a WAF that meets the Payment Card Industry Data Security Standards and has built-in DDoS protection.

Also, be sure that your WAF allows you to customize the settings to block any incoming traffic from countries you don’t ship to. For example, if you don’t ship outside of the United States, customize your firewall to block traffic from anywhere outside of North America. This will help keep customer data more secure.

3. Keep plug-ins updated. Outdated plug-ins are a cybercriminal’s best friend. Hackers are constantly combing popular e-commerce plug-ins for fresh vulnerabilities. If you regularly let your site run on outdated plug-ins, it’s only a matter of time before hackers find their way in.

4. Rely on automated antimalware software. Automating malware detection and removal can provide enhanced security to your site and save you a lot of time. Look for a comprehensive solution that reviews your site’s files and automatically applies security patches. This will detect and remove malware from your website, giving you one less thing to worry about on a day-to-day basis.

5. Back up and restore important data. In the event of a breach that corrupts your website files or database, you can minimize downtime by restoring an earlier version of your website. An effective backup solution is one that can automatically back up your website files along with the database for at least 30 days. The cost of downtime on an e-commerce website adds up fast, but it can be largely mitigated if you’ve prepared ahead of time to restore operations as quickly as possible.

6. Implement security awareness training. It may surprise you to learn that your employees are often the weakest link in the cybersecurity chain. However, just a little bit of security training can go a long way in decreasing this risk. Teach employees how to spot suspicious activity — whether it’s on your website or in phishing emails in their inboxes — and show them what constitutes a strong password.

7. Develop a cybersecurity plan. Create a cybersecurity incident response plan ahead of time to help you respond efficiently when a hacker breaks through your defenses. By clearly outlining who should do what after an attack, you’ll prevent the confusion and chaos that can sink businesses. Be sure to test your plan regularly with cybersecurity drills and address any weaknesses you find in your response plan.

E-commerce sites are an obvious target for cybercriminals. Therefore, the need for a comprehensive security solution is critical. Instead of looking at cybersecurity in e-commerce as an additional cost to your business, look at it as an investment in your future. By protecting your customers, you’re fulfilling your responsibilities as a business owner and building consumer trust that will position your business for a successful future.

To learn more about data protection, register for my webinar on database threats and solutions.