10 Business Cybersecurity Tips for Online Retailers

With millions of retail establishments forced to close their doors to curb the spread of COVID-19, many businesses ventured online for the first time, while others increased their investment in an existing store. And that trend toward e-commerce is showing no signs of slowing down. Businesses looking to the future are planning on continued investment in online retail.

And in order to thrive in an increasingly competitive online environment, businesses must protect their data, as well as the data provided by customers. While it's easy to assume that large businesses face the greatest threat from cybercrime or data hackers, according to the Verizon Data Breach Investigations Report, 28% of data breaches involved small companies.

Here are some tips to help your business operate a safe and secure online store as well as protect sensitive data, wherever it resides.

1. Conduct a Current-State Analysis of the Cybersecurity Program

To protect itself, a company must understand where critical data resides and the mechanisms in place to prevent its compromise. To assess your cybersecurity program, take a close look at your organization's efforts to protect the data it possesses.

Some companies engage a third-party firm to complete this analysis, while others conduct the effort themselves. The goal is to identity a program's shortcomings and remediate them, before a criminal can exploit them.

2. Use E-Commerce Software from a Trusted Third Party

The software used to power an online store forms the foundation of an effective cybersecurity program. When selecting the software to run your store, take the time to read about the embedded security features. Some providers offer additional dedicated security tools, such as a Secure Sockets Layer (SSL) certificate, which protects data by encrypting it. They might also offer access to software able to scan a site for malicious software, or perform website backups.

3. Install Third Party Apps Sparingly

Some businesses uncover a need to install apps, such as an app to re-engage a customer who abandons their online shopping cart. Only download apps from your e-commerce software provider's store that come with extensive and positive reviews. To allow the app's provider to update the software's security, make sure you select automatic updates of the app.

4. Limit Employee Access to Customer Data

Only those with a business need should receive access to customer data. If employees change roles frequently, adjust their access privileges accordingly. That requires defining the access privileges for each role within the organization.

Additionally, assign every employee a unique login and require the use of complex passwords to access your technology, and consider requiring employees to use a password manager to store their passwords. And make sure employees know that it violates company policy to share their login credentials with a coworker.

5. Educate Employees on Cybersecurity

Every employee should receive training on the threats facing the company, as well as their role in detecting and preventing an attack. For example, train employees on the types of cyber attacks that come via email, such as phishing schemes that trick the recipient into providing login credentials, or malware that often hides in attachments. Such training should be required at least once a year, and include testing of the employee's knowledge.

6. Keep Software Up-to-Date

The threat landscape evolves quickly. To remove vulnerabilities, software providers often "patch" their software, meaning they update the program's code to improve its security. Most software solutions allow the end-users to decide when to accept a patch. However, delaying the installation of a patch can leave a business exposed to an attack. Allowing for automatic updates minimizes the potential for an attack.

7. Back Up Critical Data on a Daily Basis

Some criminals steal a company's data and demand a ransom for its return. Ransomware attacks rely on the fact that many companies fail to back up their data regularly. To combat the threat, back up your critical data on a daily basis to an offsite location, using a reputable third-party provider.

8. Protect Your Mobile Devices

To gain access to a company's online store, criminals may try to exploit the mobile devices used by employees. Since most devices can access emails as well as texts, exercise caution when opening unsolicited messages. If in doubt, an employee should not open a message, and they should delete it from their device.

9. Don't Overlook Marketing Data

Many companies maintain detailed lists of customer data to support their marketing efforts, which often includes an individual's mailing and email address and, sometimes, information regarding their previous purchases, spending habits and personal preferences. If this data resides with a third-party, such as an email marketing provider, there should be protections in place to prevent unauthorized access.

10. Designate a Cybersecurity Expert

While small and medium-sized businesses often cannot afford to dedicate full-time staff to website security, it often makes sense to designate an employee as responsible for monitoring potential threats. To do so, the employee should subscribe to security industry blogs that cover the threats facing online retailers, and provide a short monthly summary of what they learn.

For cybercriminals to launch a successful attack, they must find a security weakness to exploit. To avoid becoming a victim, businesses with an online presence must stay one step ahead of increasingly sophisticated and determined attackers. The longer a weakness exists, the more likely an attack.