Muhammad Ali’s famous quote, “Float like a butterfly, sting like a bee—the hands can’t hit what the eyes can’t see,” is particularly applicable to ecommerce merchants. If you don’t store information hackers can use, they won’t see a reason to invade your site. Thus, the first of these five tips for protecting your ecommerce site from hackers is—
1. Don’t Gather Data You Don’t Need
You have a broad array of options for accepting payments without gathering specific financial information. Encrypted checkout methods such as tokens, as well as third-party payment processing services, will keep your servers free of customer credit card data. Yes, in some cases it might mean an extra layer of complexity at checkout, but if you can get your customers to understand they are better protected this way, they’ll usually come along with you. You also want to make sure your payment processing solution is PCI-DSS compliant.
2. Encrypt Your Network Communications
Your platform choice should support the latest versions of the SSL (Secure Sockets Layer) or TLS (Transport Layer Security) protocols to ensure the data transmitted back and forth between your customers and the server upon which your site resides is encrypted. SSL certificates are an absolute necessity. Beyond that, however, always make sure you’re using the most current protocol version, as the protocols continually evolve as new threats are discovered. For added protection, go with EV SSL (Extended Validation Secure Sockets Layer). Additionally, you want to make sure every page of your site is secured to ensure there are no vulnerable entry points. Many sites only secure checkout pages, but this is a mistake.
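One way to check that every page, not just checkout, is secured is sketched below; this is an added example, not part of the original article. The shop.example pages are constructed sample data, and the Strict-Transport-Security header check goes slightly beyond what the text describes.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tag -> attribute that makes the browser fetch from, or submit to, a URL.
FETCH_ATTRS = {"script": "src", "img": "src", "iframe": "src",
               "link": "href", "form": "action"}

class RefCollector(HTMLParser):
    """Collects absolute URLs of sub-resources and form targets on a page."""
    def __init__(self, base_url):
        super().__init__()
        self.base_url = base_url
        self.refs = []

    def handle_starttag(self, tag, attrs):
        wanted = FETCH_ATTRS.get(tag)
        for name, value in attrs:
            if name == wanted and value:
                # Resolve relative and protocol-relative references.
                self.refs.append((tag, urljoin(self.base_url, value)))

def audit_page(url, headers, body):
    """Return the transport-security findings for one fetched page."""
    findings = []
    secure = urlsplit(url).scheme == "https"
    if not secure:
        findings.append("page served over plain HTTP")
    if secure and "strict-transport-security" not in {k.lower() for k in headers}:
        findings.append("missing Strict-Transport-Security header")
    collector = RefCollector(url)
    collector.feed(body)
    for tag, ref in collector.refs:
        if urlsplit(ref).scheme == "http":
            findings.append(f"<{tag}> uses insecure URL {ref}")
    return findings

# Constructed sample crawl: (url, response headers, HTML body).
SAMPLE_PAGES = [
    ("https://shop.example/checkout",
     {"Strict-Transport-Security": "max-age=31536000"},
     '<form action="/pay"><script src="/app.js"></script></form>'),
    ("http://shop.example/products", {}, '<img src="/img/shoe.png">'),
    ("https://shop.example/account", {},
     '<form action="http://shop.example/login"></form>'
     '<script src="//cdn.shop.example/a.js"></script>'),
]

def audit_site(pages):
    return {url: audit_page(url, headers, body) for url, headers, body in pages}
```

Calling audit_site(SAMPLE_PAGES) returns an empty list for the checkout page and findings for the product and account pages, which is the "only checkout is secured" pattern the paragraph warns about.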
3. Choose Your Software Platform Carefully
There are many software choices available when you’re considering how to set up an ecommerce site. While your first impulse might be to choose the one with the prettiest interface, you should give more consideration to the security of the platform. Generally speaking, open source software is more vulnerable than proprietary software because the underlying code of open source software is laid bare for the world to see. Proprietary ecommerce software comes with a “no peeking behind the curtain” caveat, which tends to make it less prone to hacking.
4. Choose Your Host Just as Carefully
Your site will only be as secure as the server upon which it is hosted. If you’re in a position to choose between shared and dedicated hosting, the latter is always preferred. With dedicated hosting, you don’t have to be concerned about hackers invading the server through a less secure site sharing the server. If you can’t go fully dedicated, your next best bet is a virtual private server, which affords you many of the protections of a dedicated server at lower cost.
5. Perform Software Updates Immediately
Security is almost always the underlying cause whenever an update for ecommerce software is issued. As hackers come up with new moves, code writers come up with counters for them and software updates are issued. However, your site remains vulnerable until you perform the updates. Delays afford interlopers opportunities to launch attacks against your site. It’s amazing how many hacked sites are found to be running older versions of software, even though updates that defend against the attacks to which they fell victim were available and simply not installed.
These five tips for protecting your ecommerce site from hackers are just the beginning when it comes to things you can do to ensure site security. But skimping on them will practically guarantee the failure of your business. One good round of chargebacks will bring down most fledgling enterprises. Don’t let it happen to you.