According to Verizon’s 2012 Data Breach Investigations Report, 71 percent of the 855 data breaches it analyzed occurred at small companies. In other words, it is important that companies of all sizes arm themselves with the knowledge and tools that can protect their customer information from hackers.
I recently corresponded with information security specialists across multiple sectors for advice on how small-to-midsize ecommerce companies can protect customer details. Here are seven tips from these specialists.
Think before You Gather
The best way to make certain that hackers will not get their hands on client data is to have no information to steal in the first place. Marilyn Prosch, an associate professor in Arizona State University’s W.P. Carey School of Business, puts it this way: “Do not collect information just because you can. It might very well become a liability if you lose it.”
Prosch, who helped create one of the world’s first data-privacy research labs, also noted that companies should consider how long they need to keep information. “Before you choose to collect a bit of information, determine its shelf life, so you don’t keep it forever. If you do not specify this, then it may become information pollution, which is unnecessary information that is potentially toxic.”
Let Third-party Providers Manage Credit Card Information
Richard Stiennon is chief security analyst for IT-Harvest, a data-security consulting company. He states, “Never store customer credit card information.” Always use a third-party processor like Stripe, Authorize.Net, or PayPal. These providers have the technology and security muscle to protect customer data, so it is better to leave the handling of credit card information to them.
Use SSL on Pages that Require Client Information
Skyler Slade, co-founder and CTO of Coefficient, a data warehousing firm, advises merchants to use SSL certificates on their checkout pages, sign-up webpages, and client login pages. “SSL prevents attackers from approving your clients’ traffic and stealing their passwords and credit card information,” said Slade.
Apart from adding an additional layer of security, SSL certificates also increase customer confidence. Most online shoppers have learned to associate “https” with greater security standards. Thus, having it on your website will probably build trust and make shoppers more comfortable completing the transaction.
Arm your Website with Additional Protection
IT-Harvest’s Stiennon adds that e-tailers can further protect their sites with a web application firewall. “Trend Micro has an easy-to-deploy security suite named Deep Security On Demand which operates with Amazon AWS.” The solution provides several capabilities, including anti-malware, intrusion prevention and detection, as well as reputation and integrity monitoring.
For cloud environments, there is CloudPassage, a software-as-a-service firm that offers server security and compliance solutions to help businesses safely run their company in the cloud.
For extra protection, Stiennon says companies can use a content delivery network such as CloudFlare, which can not only block threats but also improve your site’s loading time.
Encrypt, Encrypt, Encrypt
Always encrypt your passwords and other sensitive information as a precaution, in case the data falls into the wrong hands.
Coefficient’s Slade says that if you are storing customer data on your computer, you should also think about encrypting your hard disk using tools like TrueCrypt. That way, “in case your laptop is stolen or you misplace it (like in an airport), your client data will not be compromised.”
Use Updated Software and Solutions
Be certain you’re only using solutions that follow current security practices. A good example of this is the shopping cart. According to Slade, merchants have to make certain that their shopping carts meet modern security standards.
“Most hosted solutions probably will [have modern security standards], but if you are using a home-grown shopping cart, or something installed on a server that you handle, it may be using old MD5 hashed passwords. If your database is compromised, these passwords are simple to brute-force reverse, which may expose your customers’ accounts with different services.”
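One way a home-grown cart can move off the unsalted MD5 format Slade describes, shown as an added example that is not code from the article or from any cart product. The `users` dict, the function names and the `pbkdf2_sha256$...` storage format are assumptions, and PBKDF2-HMAC-SHA256 from Python's standard library stands in for whichever slow, salted password hash your platform offers.

```python
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 600_000  # assumed work factor; raise it as hardware allows
PREFIX = "pbkdf2_sha256"     # hypothetical storage-format tag

def legacy_md5(password):
    """The weak format the quote describes: unsalted MD5, hex encoded."""
    return hashlib.md5(password.encode()).hexdigest()

def hash_password(password):
    """Salted, deliberately slow hash stored as tag$iterations$salt$digest."""
    salt = os.urandom(16)  # unique per user, so equal passwords differ on disk
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return f"{PREFIX}${PBKDF2_ITERATIONS}${salt.hex()}${dk.hex()}"

def verify(password, stored):
    """Check a password against either format, in constant time."""
    if stored.startswith(PREFIX + "$"):
        _, iters, salt_hex, dk_hex = stored.split("$")
        dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(salt_hex), int(iters))
        return hmac.compare_digest(dk.hex(), dk_hex)
    return hmac.compare_digest(legacy_md5(password), stored)

def login(users, name, password):
    """Authenticate, and rewrite a legacy MD5 row the moment its owner logs in."""
    stored = users.get(name)
    if stored is None or not verify(password, stored):
        return False
    if not stored.startswith(PREFIX + "$"):
        users[name] = hash_password(password)  # plaintext is only known here
    return True

if __name__ == "__main__":
    # Constructed sample rows standing in for a legacy cart's users table.
    users = {"alice": legacy_md5("correct horse"), "bob": legacy_md5("correct horse")}
    print("same MD5 for the same password:", users["alice"] == users["bob"])
    login(users, "alice", "correct horse")
    login(users, "bob", "correct horse")
    print("same stored value after upgrade:", users["alice"] == users["bob"])
    print(users["alice"][:40] + "...")
```

Accounts whose owners never log in again keep their MD5 rows under this scheme, so pair it with a forced password reset for rows still in the legacy format after a cutoff date.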
Educate your Clients
Encourage your clients to take an active role in protecting their information. Tell them what information you collect and how you collect it. Teach them how to spot suspicious behavior on your website and how to inform you if something goes wrong.