Over the last six months, COVID-19 has fueled online shopping. In fact, according to the U.S. Department of Commerce, online (e-commerce) sales grew more than 31% from Q1 to Q2 2020. As more businesses adapt to a post-pandemic world, e-commerce capabilities continue to play a critical role. But there are multiple levels of sophistication and features – from simple online stores with just an image and price to configurations that require heavy investments from IT and legal. Regardless of complexity, security plays a vital role when ensuring employee, partner and customer safety.
Whether your brick and mortar business is new to e-commerce, is currently transitioning online, or is already in the space, here are some basic security principles to follow:
1. Authenticate, Authenticate, Authenticate – If you remember one tip, remember this: use strong authentication methods. Authentication comes in many forms. Whether following the basics such as using robust passwords (or better yet a passphrase) or using more advanced technologies, such as multi-factor authentication, authentication when accessing your store website or backend applications is foundational for security. And, good multi-factor authentication also has the added benefit of showing the user or organization when someone else tries to access the account.
2. Keep Applications Up-to-Date – It sounds simple, but many businesses fail to keep online applications current with the latest updates and patches. These changes can have a big impact on configurations and could leave your online business vulnerable to things like browser exploits. Fortunately, most popular browsers notify businesses about updates and allow for automatic updating. But more complicated setups might only notify you of updates and not automate the process, meaning you have to review and take action to stay updated. Regardless, it’s a good idea to set aside a small amount of time regularly to ensure web applications and management software are current.
3. Isolate Your Web Applications – Online applications should never run on the same network as your database or your workstations. If a breach does occur, the attacker has access to everything. One solution is to isolate your web applications from the rest of the network to help harden security. For more advanced e-commerce deployments, you may also want to monitor any traffic passing between the segmented networks (which can easily be done by deploying a network security solution that includes services such as intrusion prevention, URL filtering, gateway antivirus and more).
4. Prevent Network Attacks – Many of the breaches happening to businesses today come from network attacks like cross-site scripting attacks. To prevent this sort of attack on your applications, you should implement a network-based antivirus service or solution, which is more advanced than basic antivirus software (which struggles to catch unknown viruses or malware).
5. Monitor Your Applications – Most applications allow you to log activity. By monitoring your applications, you can observe changes and quickly respond to reduce potential damage. Look for logging functions and emailed reports. Read up on logging for your application and save at least a weeks’ worth of logs to a safe place. This allows you to determine the cause of an incident when one happens.