How to Secure Your Online Store

It seems like every week there is a new security threat on the news. However, most of the security threats to an online store are due to negligence on the part of the store owner and not some super-hacker. I’m continually appalled at how lax some store owners are at protecting their customers’ data. Until biometrics become commonplace, you’ll need to continue to take steps to ensure your store is secure from threats.

Pick a PCI Compliant Host Who Specializes in E-Commerce

The biggest mistake people make when setting up their store initially is going with the cheapest host they can find.  While that $4.99/month price may sound like a bargain, you get what you pay for.  A host that specializes in e-commerce hosting will ensure that their servers are fully PCI compliant, and will scan them regularly for malware/viruses.  They will also make sure your firewall is set up correctly, and things like SSH access are disabled so that hackers don’t have an easy entry point.

IP-Restricting the Admin Area

The simplest protection against hackers getting into your admin area is to restrict it to certain IP addresses. Most e-commerce software has this built in, but there are some workarounds available if yours doesn’t. Essentially you just put your own IP address and those of your employees into the system, and anyone else who tries to enter that area will be blocked. Simple and easy, but no one ever seems to set this up.
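
An added example (not part of the original article, and not taken from any particular shopping cart): one way to build such a workaround as Python WSGI middleware that returns 403 for admin requests from addresses outside an allowlist. The /admin path, the function and class names, and the sample addresses are assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample allowlist (documentation address ranges, not real offices).
ADMIN_ALLOWLIST = ["203.0.113.10", "198.51.100.0/28", "2001:db8:5::/64"]
ADMIN_PREFIX = "/admin"  # assumed admin path; use your cart's actual path


def parse_allowlist(entries):
    """Turn address/CIDR strings into network objects, rejecting typos early."""
    return [ipaddress.ip_network(e, strict=True) for e in entries]


def is_admin_path(path):
    """Match /admin and /admin/..., but not /administrator or /admin-old."""
    return path == ADMIN_PREFIX or path.startswith(ADMIN_PREFIX + "/")


def ip_allowed(remote_addr, networks):
    """True only if the TCP peer address falls inside an allowlisted network."""
    try:
        addr = ipaddress.ip_address(remote_addr)
    except ValueError:
        return False  # missing or malformed address: fail closed
    # Dual-stack listeners report IPv4 clients as ::ffff:a.b.c.d
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return any(addr.version == net.version and addr in net for net in networks)


class AdminIPRestriction:
    """WSGI middleware: 403 for admin requests from non-allowlisted peers."""

    def __init__(self, app, allowlist=ADMIN_ALLOWLIST):
        self.app = app
        self.networks = parse_allowlist(allowlist)

    def __call__(self, environ, start_response):
        path = environ.get("PATH_INFO", "")
        # REMOTE_ADDR is the socket peer. X-Forwarded-For is client-supplied
        # and is deliberately ignored here.
        peer = environ.get("REMOTE_ADDR", "")
        if is_admin_path(path) and not ip_allowed(peer, self.networks):
            start_response("403 Forbidden", [("Content-Type", "text/plain")])
            return [b"Forbidden\n"]
        return self.app(environ, start_response)
```

Behind a reverse proxy or CDN, REMOTE_ADDR is the proxy's address rather than the visitor's, so the same check has to be enforced at the proxy instead.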

Choosing Strong Passwords

I’m continually surprised when clients provide access to their server with passwords like ‘1234567’ or ‘password2014’. There are tons of free password generators out there that will generate complex, impossible-to-guess passwords. Use these for your server, your admin login account, your email, EVERYTHING.

Scanning For Malware/Viruses

One of the easiest entry points for a hacker is through your hacked computer.  Keyloggers provide hackers with all of the passwords they need, not just for your online store but for your bank account, credit cards, etc.  Scan the computer you use for your online store regularly for viruses and malware.

Keeping Your Software Up to Date

Most hacks occur when a store owner is using outdated or insecure software on their site. WordPress is a notorious target for hackers, and once they get in there, they can get into the rest of the software on your server, including your online store. When WordPress comes out with an update, it is for a good reason, so don’t ignore it! The same goes for any other software on your server, including your shopping cart. When you get a security patch from your shopping cart provider, install it ASAP!

Access to Third Parties

Often you need to provide access to your site/server for programmers, third-party vendors, etc. When you do so, make sure you give them a unique account that you can disable when they are through. Also make sure you delete their IP address from the allowed list on your firewall when they are done – there is no reason for them to have access to the site at all once their work is done. NEVER give out your personal account login info to someone you don’t know!

Backup Storage

Many store owners seem to think that storing a backup of their site ON their server is a good idea.  Backups should always be kept OFFLINE, and any good host will be doing this automatically for you anyway.  There is no reason to store a complete copy of your site or database on your server.  That just makes it easy for a hacker to get everything they need.

Common Sense

When all else fails, use common sense. If you think something is risky, chances are it is! Remember, if you are hacked, it isn’t just your customers’ credit cards that can be hacked, but you could be liable for huge fines as well. It is your responsibility as a store owner to provide a secure, safe shopping environment for your customers.

Not sure if your store is secure?  We’ll be happy to give you a site audit, just drop us a line!