Hacking and data breaches have become an occurrence over the last decade. Cybercriminals naturally target big corporations as they are high profile. However, small businesses, especially E-commerce sites, make easier targets. Cybercriminals are increasingly targeting small businesses. For example, in 2017, 47% of small businesses reported incidences of cyberattacks in the UK, and the following year, the number increased to 63%.
E-commerce sites are popping up every day, and unlike a decade ago, people are more comfortable and willing to share credit card information with these sites. This presents a platform for cybercriminals to steal sensitive information since most sites store credit card information and customer data.
How do you protect customer data?
1. Collect only data you will use
Cybercriminals are always on the hunt for data and vulnerabilities. It’s your role to protect your customers from these vulnerabilities. How do you accomplish this task? By minimizing data collection. Don’t collect customer data just because you have access. Sensitive data is a liability for any business, and the more you collect, the bigger the liability becomes.
Before you collect sensitive customer data, determine if you need it, and it’s shelf life. If the last decade of data breaches have taught companies anything, is that you shouldn’t store data longer than necessary, and you shouldn’t collect unnecessary data.
Prevention is cheaper compared to class action lawsuits or regulatory compliance. Therefore, collect only what you need.
2. Be PCI DSS Compliant
Any company or business that accepts credit card payments has to comply with the Payment Card Industry Data Security Standard. In case a company or business intends to store, process, or transmit credit card data, it needs to host its data with a provider that’s PCI compliant.
There are 4 PCI compliance levels, better known as merchant levels. Your eCommerce site will fall in any of the four merchant levels depending on your transaction volume over 1 year. Merchant level 4 encompasses merchants that process less than 20,000 visa transactions. The 3rd level encompasses merchants that process 20,000-1M Visa transactions over 12-months. Merchants who process 1M-6M Visa transactions are placed in level 2 while level 1 is reserved for merchants processing over 6M Visa transactions.
3. Enforce password complexity
Weak passwords are seen as a security vulnerability as they’re easy to guess. A weak password doesn’t have to be short; it only has to be easy to guess. For example, password is a common password that is long but easy to guess. The same applies to password123, your name, DOB, mobile number, or Name1234.
Passwords play a crucial role in site security, and if users have weak passwords, it’s seen as a vulnerability. You can reduce these vulnerabilities by enforcing password complexity. Ask your customers to change passwords if they seem weak. Instruct them to use a combination of numerals, symbols, and alphabets.
4. Update your security patches
Software patches are annoying as they often pop up when you’re busy. Most people to click either “Don’t do it” or “Remind me later.” You might keep ignoring software updates only to realize that you are exposing yourself to security breaches.
Updates typically come with new features and patch security flaws present in the previous version. Any software flaws or vulnerabilities in an operating system or software program is seen as a security hole. Hackers love these kinds of weaknesses as they easy to exploit by the use of malware.
The malicious software will use to steal data from your systems. All this mess can be avoided by updating your security patches.
5. Limit access to customer data
Security systems have one primary purpose, which is to avoid external attacks. Companies often prioritize external security but overlook that they can also suffer from internal breaches.
Businesses like E-commerce sites handle a lot of sensitive information like credit card data. They tend to enforce strict security measures that reduce external attacks. However, they often overlook the greatest threat, which is insider attacks.
You can mitigate this threat by restricting access to sensitive data. Ensure that only a select few have access to customer data. Also, restrict the number of employees who can edit the master data.
Don’t forget third parties and past employees. Revoke system access to past employees and review system access every time you hire consultants or contractors. They can intentionally or unintentionally cause a data breach.
E-commerce sites are under constant threat from evolving cyberattacks. Therefore, ensure that your site complies with the relevant regulations and adheres to stringent security measures.