In addition to taking basic data protection measures, the following tips will help you offer an all-around secure shopping experience for your customers.
Tip 1: Integrate backup plugins
Many shop systems offer a backup plugin that provides additional security to your website. These include:
UpdraftPlus
BackWPup
BackupBuddy
Duplicator
Snapshot Pro
The plugins let you perform both manual and automatic backups and require little-to-no technical expertise. In case of an emergency, you can simply restore any lost data or even your entire shop system installation.
Tip 2: Use secure passwords yourself
Secure passwords are among the most basic aspects of IT security. Prevent unauthorised access to your databases and servers by always adhering to secure password rules for your own passwords. The following passwords are particularly important for online retailers:
administrator password for the shop system (shop backend)
login password for the web server/FTP server
login passwords for databases
login passwords for web hosting, web server and web interfaces
login passwords for any online marketplaces you use
login passwords for online banking
To ensure maximum security, always use a combination of letters, numbers and special characters. Avoid using actual words. Your passwords should be at least eight characters long in order to withstand ‘brute-force attacks’ (attacks in which hackers attempt to crack your password by automatically entering random combinations of characters).
Tip 3: Limit the number of login attempts
Even if you have a secure password, brute-force attacks remain a threat. That’s why it is a good idea to limit the number of login attempts that your site allows. You can adjust this number in your shop system’s settings. After too many failed login attempts, the attacker’s IP address will be blocked and they will be unable to attempt to log in to your site again.
Tip 4: Limit write permission on the server
It’s always a good idea to set restrictions on who has permission to edit files and directories on the web server. This is known as ‘write permission’. One method for doing this is to use file transfer protocol (FTP) to set the functions that are allowed for a particular file:
Only grant write permission for files that require frequent editing. For all other files and folders, it is more secure to only put a tick beside ‘read’ and ‘execute’. The more files with write permission, the higher the risk that attackers can breach them with malware and gain access to your data.
Tip 5: Use the latest versions of virus scanners and firewalls
Viruses find innumerable ways to breach a computer without being noticed. That’s why it’s essential to install the right threat protection software to enable your customers to shop safely. This includes a reliable virus scanner as well as a firewall. Here are the differences between them:
Tip 6: Integrate captchas
Captchas can increase web security for data entry forms, such as contact and account creation pages. They prevent bots from abusing forms and entering spam by detecting whether the form is being filled out by a human or by a machine. Most shop systems offer ready-made plugins that enable you to integrate captchas.
Tip 7: Avoid public WiFi networks
The same safety rules that apply to users also apply to IT security for online shops. As an online retailer, you can basically work from any location with an internet connection. Just remember that it’s risky to log in to your shop system or access other sensitive data when using a public WiFi hotspot. These are generally unsecured networks, which makes them more susceptible to hacker attacks. If using a public WiFi connection is your only option, it is safest to connect via a virtual private network (VPN). This will encrypt the data that transfers between your (mobile) device and the VPN server you are using.
Tip 8: Use a failover system
Protection against cyberattacks is important, but it’s equally important to protect against system shut-downs or unexpected failures caused by things like:
maintenance operations
technical server problems
power outages
Failover systems are a reliable method for preventing loss of access when your primary system is offline. They ensure that your online shop remains available. Anytime your primary shop environment becomes unavailable, the failover system will automatically switch to a redundant backup installation.
Tip 9: Display security seals of approval
Build trust among your shoppers by displaying security-related seals of approval. Doing so also helps to protect you against various threats, because qualified IT experts verify the security of your online shop. Quality seals and encryption certificates are issued by organisations that evaluate your shop based on:
payment security
website security
compliance with data protection legislation
When your shop is granted a seal of approval, you can be sure that it has met all the requirements for providing your customers with a secure shopping experience.