Recent research has revealed that the security of a website is the second most influential factor in dissuading shoppers to purchase an item online, following price.
The vast majority (84%) of shoppers said that they would not make a purchase from a website that didn’t appear secure, while almost a third (30%) said that buying from a preferred site is the single most important factor in their decision-making.
Neil Christie, Commercial Director of cloud solutions company iomart said, “it is crucial for retailers to understand exactly what it is that makes a site secure and trustworthy in order to attract a new customer.
“There are still challenges regarding how to best demonstrate a commitment to data protection to your users. Plus, the majority of websites - even those that are already highly secure - have the potential to make further improvements quickly by implementing simple steps which are often overlooked.”
There are a number of actionable steps and changes that eCommerce stores can take to improve the security of their online platforms according to iomart’s guide:
Top five cyber recommendations for eCommerce
Monitoring file change activity
Files being added, changed or deleted is one of the earliest detectable signs that a website has been compromised. So, monitoring file changes is a highly effective method for identifying malicious activity.
Create a custom admin path
By default, your admin path will be something like ‘website.com/store/admin’. Simply changing your admin path to anything other than this default format will immediately make it harder for anyone to access your admin page and initiate an attack. You can change the admin path to anything you like.
Use an advanced web application firewall
When properly configured and managed, an advanced web application firewall also provides protection against three other major threats: SQL injection, application vulnerability exploits and injected code.
Educate your teams
Every single person within your organisation should be aware of malware and how to protect against it. Create a guide of best practices for email, backups and web development. Then share with all staff and make it part of the induction process for new starters.
If you’re not sure what to include in your guide, check out this advice-lead article on turning your staff into your best defence against ransomware and use that as a starting point! We also recommend holding regular training sessions to refresh knowledge of these best practices.
Monitoring unprotected credit cardholder data
Payment card data is typically the most sought-after information in malware attacks. By carrying out regular Primary Account Number ‘PAN’ scans you can be alerted to any unprotected credit cardholder data. This almost creates a trap for the attacker as once alerted, you can remove the unencrypted data, find the source of the malware and remove it before the attack is able to extract the personal data.
For a detailed breakdown on the right approach to responsible commerce, visit iomart’s full guide on improving and maintaining security in eCommerce in collaboration with cybersecurity specialist Foregenix here: https://blog.iomart.com/improving-and-maintaining-security-in-ecommerce-2019