eSecurity: Protect your Investment

Proactive Solutions

Recently, we published an article about domain access for website owners, called A Valet for Your Domain. That was only part of the story. eSecurity and digital protection extend far beyond access or password control. I’m no security professional, but I do know internets, so I have assembled a checklist that you can deploy to help make sure your digital interests are protected.

Nothing can damage brand trust, and therefore sales, like a security flaw or data breach. Bad publicity from data theft can be nearly impossible to overcome. At best, security issues can cause lost sales from downtime and lost revenues from in-house labor and outsourced repairs. A little bit of organization and some basic planning can keep you ahead of the curve with proactive solutions.

You might already be covering most of the items on this list, or your IT department might have even more stringent methods in place. For new websites or web redesigns, check out our planning guide – but even if you’re not making big design or development changes you should make sure that someone is checking off this list or something like it.

I’m not in the business of rating or reviewing security software. There are plenty of services out there that already do that, so I won’t recommend any here. A quick search for the service name or security type will give you loads of choices and reviewers – consider having something in place for each item.

Protocols, Practices and Insurance

There are three main areas where your security protocols can be enacted: your local system, your server and the connections between your customers and your website.

Your local system includes all of your in-house computers, POS systems, registers and any devices that access your customer data, web server or related info. Consider using chip readers and the latest POS hardware for any retail transactions. Some of the steps you can take to protect yourself digitally are among the most basic in computer security. Maintain up-to-date virus detection software. A physical firewall is preferred as well, but at least a software version should be in use. Use best practice recommendations for password storage and updating. Perform regular security audits to make sure there aren’t new vulnerabilities in your software or hardware. Maintain a relationship with a security professional or developer who can provide emergency assistance to your in-house team if needed. Most importantly, encourage your staff to stay up to date on security vulnerabilities and risks and on what protocols they should perform in the event of a suspected or confirmed breach.

Your server, usually dispersed on hardware maintained by your hosting company, is where the software and database that make up your website are kept. Aside from security measures like maintaining all platform updates and patches, you should also keep your SSL certificate up to date and valid. You should monitor, or use a service that monitors, blacklists to ensure your site isn’t listed there. Such services often include the capability to scan your server for injected spam or malware in your website. One simple test is to perform a Google search for the phrase “site:www.yourdomain.com” (using your own website, of course). The results will show you all the pages on your site – look through them to make sure none of them are marked as blacklisted or hacked and that there aren’t any you don’t recognize. To reassure your customers, use https on all the pages of any website that performs ecommerce or otherwise collects customer data. For platforms with custom shopping cart solutions, deploy secure cart software. Always test your site and your shopping cart on all major browsers and devices.
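Three of the checks above (pages you don’t recognize, https on every page, a certificate that hasn’t lapsed) can be scripted. This is an added example, not part of the original article: it assumes you keep a list of the pages you expect to exist and reads your sitemap in place of search results, and example.com, the sample sitemap and the certificate date are all constructed.

```python
import ssl
import xml.etree.ElementTree as ET
from datetime import datetime, timezone
from urllib.parse import urlsplit

NS = {"sm": "http://www.sitemaps.org/schemas/sitemap/0.9"}

# Constructed sample data: a sitemap and a page inventory for a made-up shop.
SAMPLE_SITEMAP = """
<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9">
  <url><loc>https://www.example.com/</loc></url>
  <url><loc>https://www.example.com/shop/</loc></url>
  <url><loc>http://www.example.com/checkout</loc></url>
  <url><loc>https://www.example.com/cheap-pills-online.html</loc></url>
</urlset>
"""
KNOWN_PATHS = {"/", "/shop", "/checkout"}
# Constructed stand-in for the dict returned by SSLSocket.getpeercert().
SAMPLE_CERT = {"notAfter": "Jun 30 12:00:00 2030 GMT"}


def audit_urls(sitemap_xml, known_paths):
    """Return (unknown, insecure): pages not in the inventory, pages not on https."""
    unknown, insecure = [], []
    # Parse only your own sitemap here; use defusedxml for untrusted XML.
    root = ET.fromstring(sitemap_xml.strip())
    for loc in root.findall("sm:url/sm:loc", NS):
        url = (loc.text or "").strip()
        parts = urlsplit(url)
        if parts.scheme != "https":
            insecure.append(url)
        # Normalise trailing slashes so /shop and /shop/ compare equal.
        path = parts.path.rstrip("/") or "/"
        if path not in known_paths:
            unknown.append(url)
    return unknown, insecure


def days_until_expiry(cert, now=None):
    """Whole days left before the certificate's notAfter date."""
    now = now or datetime.now(timezone.utc)
    expires = ssl.cert_time_to_seconds(cert["notAfter"])
    return (datetime.fromtimestamp(expires, timezone.utc) - now).days


if __name__ == "__main__":
    unknown, insecure = audit_urls(SAMPLE_SITEMAP, KNOWN_PATHS)
    print("Pages you don't recognize:", unknown)
    print("Pages not served over https:", insecure)
    print("Days until certificate expires:", days_until_expiry(SAMPLE_CERT))
```

A page injected outside your site software may never appear in the sitemap, so keep doing the site: search as well.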

Your customer data is the most important information you have. Many ecommerce site owners choose to avoid storing any credit card information at all, leaving that risk solely in the hands of the merchant accounts that are best suited to protect it. If you do store credit card info, make sure it is encrypted and segmented from tracking details about the customers. Also, make sure that any printed pages or phone recordings containing credit card details are secure. As a final measure to protect you and your customers, employ cyber insurance or data breach insurance for your data and your transactions. Keep your insurer up to date with your software, data collection methods and any hardware, to be sure that you are properly covered.

Download our free eSecurity Checklist to help keep your information organized, but use care in where and how you store the file once it is filled out. Do not email documents with passwords in them and consider applying password protection to such files. Our checklist isn’t meant to be a comprehensive security guide, but it should help to give you perspective on the different areas of security you or your developer should be considering.

    Rich Harris