
4 Lessons For Small Ecommerce Stores Trying To Improve Security

Published 12/04/2020

By Rodney Laws, Editor at Ecommerce Platforms

Security is tougher for small ecommerce stores. They don’t have weighty budgets allowing massive investment — and while they’re less likely to be targeted owing to their relative lack of popularity and revenue, their appeal lies in their vulnerability. After all, it’s better to attack a helpless minnow if you lack the weapons to take down a shark.

So what are such stores to do? Neither ignoring security as a priority nor breezily funding ideal safety measures is a viable option. The smart path ahead involves a more delicate approach with the investment of time and money in some key areas. In this post, we’re going to succinctly run through four security lessons that every small ecommerce seller must learn. Let’s begin.

Focus on human-based security first

What do I mean by this? It’s simple enough: the weakest link in an online operation’s security tends to be the people running it. You can forge a web fortress, but it won’t stop anyone if you happen to leave the drawbridge down and the front gate open. The biggest concerns here are passwords (despite the rise of passwordless authentication) and information protection.

Everyone with any level of admin access to a store needs to know how to set and protect a strong password (e.g. using enough characters, changing it semi-regularly, not choosing a word that someone might easily be able to guess). They must also know how to be responsible with how they talk about the store: if someone approaches them in an effort to glean information through social engineering, they have to refrain from disclosing anything significant.

Never rely on customer knowledge

Consider what the average buyer is likely to have learned about website security in their travels: to be clear, not that much. It’s easy to think that young people don’t need to be told about such things because they grew up using the internet, but that doesn’t necessarily mean much. In truth, a typical young adult’s “security” research might consist of the following:

...And that’s it. Why would they see the need for anything more? They’ve probably never dealt with major online issues, knowing the internet as a convenient and safe place. In other words, they’ve yet to see how badly things can go wrong — and the onus is on you to change that by providing information about how to use the internet safely.

The thought leadership will work to your credit and give you the chance to extol the strengths of your security system (strengths that would otherwise go unnoticed).

Promptly install relevant updates

“Updates are available”, explains the system, but it isn’t a good time so you delay them until later — at which point you delay them again. This is a common problem, and one that strongly undermines efforts to keep online stores secure, because system vulnerabilities are inevitable and widespread.

As developers prod at their systems to see what happens (and hackers target them), issues are always identified, and they need to be patched immediately. Once an exploit is common knowledge, myriad people will attempt to use it. Skipping updates will instantly make a store markedly less secure — so it’s essential to install them as rapidly as is practical.

Keep plugin use at a minimum level

Plugins are highly useful for ecommerce, but every plugin you install adds a point of vulnerability to your overall system. It’s normal for a key plugin to require admin access to operate, of course — so if someone who can’t access your system directly can get into the plugin, they can exploit that access to cause some major damage.

If you must use plugins, avoid the biggest culprits: choose those from acclaimed developers and check to see that they’re updated regularly. And if you ever stop needing to use a plugin, deactivate and uninstall it to get rid of that point of weakness. The fewer points of entry you maintain, the better.
