Ensure staff, devices and operational software use strong and regularly updated passwords. Passwords should be 12-15 characters long, consisting of a seemingly random collection of uppercase and lowercase letters, numbers and special characters. Passwords should be changed at least every 30 days.
Weak passwords remain an easy target for hackers looking to breach online platforms and software. Data and systems should never be protected with passwords that can be guessed easily, like family names, favourite sporting teams or musicians. Reused passwords and obvious number sequences, like 123456, remain popular password options that can leave businesses exposed.
Run the latest anti-virus/anti-malware software on your eCommerce platform. Along with making sure your anti-virus/anti-malware software is running properly, you should also ensure you or your web-hosting provider have implemented a web application firewall (WAF) or additional intrusion-detection technologies. The data transferred between your computer and a website’s server should always be encrypted using TLS certificates.
Implementing software and security patches as soon as possible, including ones for your shopping cart, will protect you from online attackers who would otherwise take advantage of system vulnerabilities. It’s recommended to apply updates from trusted network locations (e.g., home, work) and to only install from links on trusted vendor sites.
Divide out duties and regulate access. Should a breach ever occur, the impact will be more limited as you don’t have all your eggs in any one basket. An individual with too much or unnecessary access to your business’ confidential information and/or systems weakens your defences against online fraud: by accident or design, confidential information or access to your system could be shared with malicious parties.
Regularly review all website links to prevent online fraud. Links from your website to the payment gateway (such as URLs, iFrames, APIs etc.) could be changed without you being aware of it if your website security is compromised. It’s important to confirm links from your site have not been altered to redirect customers to unauthorized locations.
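One way to automate this review is to compare every link on the checkout page against a list of hosts you expect. The script below is an added example, not part of the original guidance; the hostnames, the sample page and the function names are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tag attributes that can send a customer's browser or payment data elsewhere.
LINK_ATTRS = {"a": "href", "iframe": "src", "form": "action", "script": "src"}


class LinkCollector(HTMLParser):
    """Collects (tag, absolute URL) pairs from a page."""

    def __init__(self, base_url):
        super().__init__()
        self.base_url = base_url
        self.links = []

    def handle_starttag(self, tag, attrs):
        wanted = LINK_ATTRS.get(tag)
        for name, value in attrs:
            if name == wanted and value:
                # Resolve relative links against the page's own address.
                self.links.append((tag, urljoin(self.base_url, value.strip())))


def audit_links(html, base_url, allowed_hosts):
    """Return (tag, url, reason) for each link that is not HTTPS or not on the allowlist."""
    collector = LinkCollector(base_url)
    collector.feed(html)
    findings = []
    for tag, url in collector.links:
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        if parts.scheme != "https":
            findings.append((tag, url, "not https"))
        elif host not in allowed_hosts:  # exact match, so look-alike hosts fail
            findings.append((tag, url, "unexpected host"))
    return findings


# Constructed sample: a checkout page whose iframe no longer points at the gateway.
BASE_URL = "https://shop.example/checkout"
ALLOWED_HOSTS = {"shop.example", "cdn.shop.example", "pay.gateway.example"}
SAMPLE_PAGE = """
<a href="/cart">Cart</a>
<form action="https://pay.gateway.example/checkout" method="post"></form>
<iframe src="https://pay.gateway-example.test/frame"></iframe>
<script src="http://cdn.shop.example/cart.js"></script>
"""

if __name__ == "__main__":
    for finding in audit_links(SAMPLE_PAGE, BASE_URL, ALLOWED_HOSTS):
        print(finding)
```

Run it on a schedule against the live page and treat any finding as a change to investigate.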
Ensure all of the components and features on an eCommerce website are identified and properly secured or managed by relevant third-party providers. Selecting reputable, trusted third parties to support your eCommerce solution with valid TLS certificates as well as the most current software upgrades and security patches is important in enhancing the security of your eCommerce website and associated software.
Make sure the following points are included in your contract with them:
- use the latest version of all software and security patches that meet the latest IT security standards
- ensure your web host provider monitors for any attempted or unauthorised changes to your home page content and will react immediately if something is detected
- use 2-step verification for remote access by any connected third party