Monday, 15 February 2021
Keeping your website or e-commerce store secure in 2021
As online shops become an increasingly important part of retail, the importance of data security rises. Digital Growth Programme consultant Rob Gregory explains what businesses need to consider to ensure their e-commerce website is secure – and they’re protecting not just themselves, but their customers.
Why is security so important?
In any business arrangement, security and privacy are very important. You wouldn’t leave a proposal, contract, invoice or email lying around in the park for anyone to pick up and read. So it follows that we need to be in control of our online security and privacy in order to protect our customers and our own businesses. Data has value, and with that value comes the risk of data being used in ways that we are not comfortable with – or worse still used to perpetrate criminal activity.
What exactly are we trying to protect?
The simple answer here is everything. We need to protect everything. That said, it’s worth considering the types of information our website might transact and store in order to understand the “whys” and “hows” of website security.
Your website can store personal information like email address and physical addresses. It might even store passwords or payment data. If you offer e-commerce, it will most likely store customers’ purchase history and correspondence. All this data is valuable and should be kept private and secure.
Data security steps we can take
No website is 100% secure, but there are a number of steps we can take to mitigate the risk of it being compromised.
- Most websites are built using a content management system, or CMS for short, such as WordPress. Your CMS and any plug-ins it uses must be kept up to date as any software updates will likely include security upgrades. You can do this yourself or ask your provider to do it for you.
- Your website needs an SSL certificate. This changes your website to run using https rather than http, which in simple terms means that all data sent from the browser to the server is encrypted and therefore can’t be intercepted and read by eavesdroppers.
- Restrict access to your website admin system. Only provide accounts to trusted people and, even then, make sure they only have access to the bare minimum of features.
- Employ two-factor authentication (2FA) wherever possible. This means that anyone accessing your website needs to be able to provide a second level of authentication via an app or a code sent in a text message. There are plug-ins for WordPress that do this for free – search for “Wordfence Security”.
- Only ask for and store the bare minimum of information from your customers. If you offer e-commerce, it’s worth using a payment service provider like Stripe or Braintree, which handle the payment details so you don’t have to.
- Back up your website regularly. This way, in the event of something bad happening, you can always get your website up and running again – just make sure the security holes are fixed before you restore the data. For WordPress, there are a number of options but a good plug-in is “Updraft Plus”.
What to do if there is a security breach
It depends on the severity, but the key thing to have control over is communication. The last thing you want is worried customers or users who can’t contact you. Be honest and keep them informed of the actions you are taking. If you take the necessary steps, then your website will likely remain secure, but it’s worth considering your data and privacy policies now to be happy that you are covered.
A secure website is a safe place for your customers to interact with your business, and that’s of primary importance. So it might be worth getting it checked out if you have any concerns.
You are responsible for keeping your customers’ data safe, so security must be a priority. If you have concerns, speak to an expert to help you audit and fix any vulnerabilities. Monitor activity and act immediately if you have concerns. When it comes to security, prevention is by far the better option as remedial action can be costly from a financial and brand reputation perspective.
Don’t be scared of security as there are plenty of tools you can use to make sure that your website is a safe place to do business. Just don’t ignore it and remain vigilant.
How to find out more
To hear more from Rob, you can join Digital Growth Programme’s webinar, How to take Payments Online, on 3 March as part of Cyber Week. To book your free place or for more details, click here.
The Digital Growth Programme is managed by East Midlands Chamber (Derbyshire, Nottinghamshire, Leicestershire). It is a programme part-funded by the European Regional Development Fund, the Chamber and Leicestershire County Council designed to help SMEs located in Leicester and Leicestershire embrace new digital technology to improve productivity to aid growth. For more information please visit www.leics-digital.co.uk
Businesses based in D2N2 can access similar support by visiting https://www.d2n2growthhub.co.uk