Cybersecurity

7 Cybersecurity Tips for eCommerce


When it comes to eCommerce, every effort must be made to ensure that your digital assets are protected in the face of ever-increasing cybersecurity threats.

Trustwave’s annual Cybersecurity report finds that the retail industry is the most compromised out of all industries with 24% (up from 18% in 2019). PwC recent research suggests that cyberattacks are up by over 30% in the retail space – a sure sign that this is an increasing reality more so than just a passing trend. Cyberattacks are varied in criminal intent – they can be performed by malicious insiders abusing their credentials, organised crime groups or other such individuals that wish to extort your business.

The threat involved, and the currency at play here, is primarily data – specifically customer data. Online retailers naturally hold significant volumes of customer data. Cyberattackers seek to leverage this data as a means to extort businesses and derive a specific response.  Dave Manser, Managing Director of Vitamin Creative, an Irish full-service creative consultancy that caters to eCommerce retailers, provided his thoughts on the matter

“With the rapid digitalisation of the retail sector, we have observed an even greater need for cybersecurity provisions with our eCommerce clients. We regularly ensure that their websites are updated, backed up, and encrypted while utilising the latest security technologies.

“The value of eCommerce has only increased in previous years; seismically so from COVID-19 lockdowns. Greater revenues from online retail sales naturally place a bigger target on their heads – it’s never been more important for retailers to protect their digital assets online,” he added.

Radius-IT-Telcoms_cloud_security_ Trustwave Industry Cybersecurity 2020

Source: Trustwave Global Cybersecurity Report 2020

 

To mitigate the risks of a compromise, we advise the following tips:

 

7 Cybersecurity for eCommerce

1. Keep Your Website Constantly Updated

As with any self-hosted website, the likes of WordPress and associated plugins must be kept up to date with important security updates. The biggest threat of malware on websites is the neglect of these updates.

 

2. Enable 2FA / MFA

Two-factor authentication or multi-factor authentication should be used on all of your online accounts and SaaS products (Shopify, Hubspot etc). You can also implement this on your website platform (plugins like WPSecurity). These will lock down your access to the site if any strange activity occurs, or if rules have been broken (such as an unrecognised IP address, multiple incorrect logins, successive reCAPTCHA failures etc.).

 

3. Utilise a CDN

Content Delivery Networks (or CDNs), like Cloudflare or Fastly (the latter which was in the news for the wrong reasons last week). A CDN recreates a cached version of your website and hosts it closer to the user (for example In Singapore) so that the visitor does not have to visit the server location (in Dublin). It also has security features built-in, like diverting all traffic through a firewall.

 

4. Have an SSL Cert

All websites should have one – especially if you collect personal data. The SSL cert encrypts all user information from the browser and server. So if it’s stolen, the data is useless without the encryption key. SSL certs are also considered to be a signal to your web visitors that your website is safe, secure and legitimate.

 

5. Schedule Regular Backups

Just like with your IT system, regular backups of your website should be taken and stored securely. Most web developers use an enterprise cloud storage facility, but there are also third party plugins that can do this for you as well.

 

6. Create a Disaster Recovery (DR) Plan

Again, like with your IT system, you should have a Disaster Recovery Plan ready to go if the worst happens. You need to detail who, what, where and when so you can mitigate potential risks or loss of data, and get your website up and running quickly.

 

7. Be GDPR Compliant

If you don’t need to collect data, then don’t. If you collect data, for example through forms, then you need to follow the GDPR regulations, make sure people opt in for emails and have a privacy policy that sets out how the data is stored and processed.

 

For more information on how to protect your eCommerce website from cybersecurity threats, contact our Sales team or lo-call 0818 592 500.  


Related News


Dubber call recording and transcription AI
Helpdesk Engineer – Level 3

Helpdesk Engineer - Level 3 Overview Due to company growth and expansion, Radius are now seeking an additional experienced Level 3 Helpdesk Engineer. This role will support Radius clients across
Tips for Improved Password Security
Helpdesk Engineer – Level 2

Helpdesk Engineer - Level 2 Overview Due to company growth and expansion, Radius are now seeking an additional experienced Level 2 Helpdesk Engineer. This role will support Radius’ clients across
View All

Call our sales team now on LoCall 0818 592500.

Alternatively, please send us a message via the form below and we’ll call you back.

Get in Touch

Certified Excellence


Radius maintain both ISO quality and Information Security certification. With GDPR regulations now in force, it’s critical that your IT partner handles your organisation’s sensitive data with the highest of standards.

ISO Quality and Information Security certification requires rigorous processes to be embedded at the heart of everything we do. Radius is proud to maintain this standard, awarded to only the very top tier of IT service providers.

Industry leading partnerships

Radius is a gold Microsoft partner for Datacenter and Cloud Solutions, a preferred HP and Cisco partner and a Retail Excellence Ireland gold partner. These partnerships give us unrivalled access to the best technology to support our clients’ IT and Telecoms needs.