Be open for business and closed to cybercriminals.
For many shoppers and sellers these days, e-commerce is just commerce. But whether you operate a whole online retail operation or sell off a few old items through a reselling app, you should understand how to protect your business and your customers’ data. Make good cybersecurity a habit, and security becomes an integrated element of your growing retail empire.
Lock down your login
Fortify your payment terminals, accounts, and e-commerce platforms with strong, unique passwords. A strong password is at least 15 characters long and uses a mix of uppercase letters, lowercase letters, numbers, and symbols (like ! or $). Ideally, your password does not include recognizable words and is just a random string of characters. Importantly, you want a unique password for each account – use a password manager to generate, store, and maintain all of the passwords for your business. Use multi-factor authentication (MFA) wherever it is permitted. MFA shields your online accounts with the most robust authentication tools available, requiring you to use biometrics (like a fingerprint scan) or a unique one-time code sent to your phone to log in.
Turn on automatic updates
Keep the software on all devices up to date. All critical software, including computer and mobile operating systems, security software, e-commerce software, and other frequently used programs and apps, should be running the most current versions. Save yourself time and turn on automatic updates in the security settings to get the latest updates right away.
Think before you click
Criminals will try to trick you by pretending to be your bank, payment processor, trusted business partner, and others. If you receive an email encouraging you to take immediate action, scrutinize the message and sender before clicking on any link. If you have any doubt about the message being authentic, call the company directly or go to their website, but don’t use the contact information in the email itself. Don’t even click the unsubscribe button in a suspicious email. With a few seconds of consideration, you can identify most phishing attempts. Remember, scammers might also try to steal money or your personal information through phone calls or text messages. Financial institutions and government agencies (like the IRS) will NEVER ask for your login information over the phone.
Back it up
Protect your sensitive information and documents by backing them up. That way, if your device falls victim to ransomware or other cyber threats, you will have a copy of your data and be able to restore it from a backup. Backups are also lifesavers if your device breaks. Most devices now allow you to back up your data to the cloud, meaning remote, internet-connected computer servers. It is a good idea to back up important data on both the cloud and external storage media, like an external hard drive. You can even store the hard drive in a safe.
Communicate with others
Criminals constantly target consumers and merchants, but they increase their efforts during busy online shopping periods, like in the final few months of the year. Talk to your payment vendors and to information security professionals in your community so you know the latest issues.
Encrypt payment data
Quality payment vendors nowadays will encrypt payment data while it is being stored and transmitted. Ensure your payment vendor does this, and if it doesn’t, consider a competitor that does. Encryption plays a highly important role in hiding sensitive payment data from cybercriminals.
Think about who has access
The fewer doors, the fewer ways in. Do an audit of who has administrative or privileged access to your e-commerce site and payment data. Restrict that access to only those who need it to do their jobs. Treat data like cash.