Online security matters more now than ever before. The implementation of GDPR in 2018, and all the talk that led up to it, shone a spotlight on what can go wrong with the storage and use of personal and financial data. Throw in some high-profile data leaks to provide real-world proof and you have a recipe for concern. How much of your daily life is routed through the internet?
This is something that ecommerce sellers need to be particularly worried about. They not only store user data but also handle substantial transactions, making them excellent targets for hackers — so if you sell online, you must pay attention. In this post, we’re going to note four security risks that you need to guard against if you want your online store to flourish:
DDoS stands for distributed denial of service, and it essentially involves getting a huge number of devices to repeatedly attempt to use your website. All this activity can slow your store to a crawl and make it almost impossible for legitimate shoppers to access it. Why do people bother doing this? Sometimes there’s a deeper motivation, but mostly it’s a precursor to blackmail: you’ll be asked to pay a certain amount to get the attacker to leave your site alone.
The best way to guard against DDoS attacks is to use a hosting service that has built-in mitigation. Ever seen a form requiring you to solve a puzzle to confirm that you’re a real person? That kind of system can generally prevent a DDoS attack from getting anywhere by ensuring that almost all of the requests are blocked from reaching your site.
As with passwords, there are two types of transaction fraud that you should worry about: attempts to interfere in legitimate transactions to benefit somehow (usually through redirecting the money and spending it before it can be retrieved), and fraudulent transactions made to make purchases and get products before they’re discovered.
The former variety is one of the reasons why many shoppers now try to take security into their own hands: they sign up to bank-led security schemes, have backup accounts ready to go, use gateway services like PayPal, and even connect through free VPNs to obscure their IP addresses (there’s a handy list at the aptly-named whatismyipaddress.com if you’re unfamiliar). You need to manage your end of the bargain by using a secure payment processor.
The latter variety has a similar solution, but you can do even better by using some kind of fraud detection service that will review provided bank details to gauge the likelihood of there being some kind of deceptive activity happening.
Phishing is a common method of getting access to personal information by pretending to represent a trusted brand. If you’ve ever received a text message that claims to be from a banking organization you don’t actually use, you’ll know what this looks like. Since your store no doubt has a mailing list and communicates heavily via email (confirming orders, notifying people about new products, etc.), your brand will always be vulnerable to being used for phishing. It’s mostly an issue for big brands, but not always.
Criminals could sign up to your newsletter, copy your email template, and start pretending to be you by reaching out to people they know to be your customers. While you can’t really do that much about it, you can offer easy confirmation of contact (asking people to reach out if they’re not sure whether a message is really from you) and let your customers know the things you’ll never say to them (for instance, noting that you’ll never ask for their passwords).
Password issues have been undermining security efforts for as long as personal computers have existed, and we’re still not in a position to ignore them. There are two types of password you should be concerned about: passwords for your user accounts (set by your users), and passwords for your admin access (set by you, of course).
User account passwords can be awkward because users can fail to secure their accounts properly, see their accounts hacked into, then blame you instead of themselves. You should require every password to meet a certain standard for length and complexity (How-To Geek has some solid tips), and encourage users to change their passwords semi-regularly.
As for your admin passwords, using a weak password for your main dashboard can allow a hacker to brute-force their way into your system — and from there, they can do a lot of damage. They can steal your data, possibly including your financial details, take your store offline completely, or even corrupt your content to make you look bad.
Don’t make the mistake of leaving your ecommerce store with inadequate security, or it’ll risk everything from the store itself to your brand’s reputation. Keep these risks in mind, and do your best to guard against them. Good luck.