With the holiday season in full swing, now is the best time to learn how store owners can ensure secure purchases and operations during peak selling times. While the information security team here at Volusion can implement world-class security on our platform, there are four other critical areas where store owners can contribute to the overall security of their store.
Purchase and Implement an SSL Certificate
The most important action that store owners can take is to purchase and use an SSL certificate. An SSL (Secure Socket Layer) certificate protects your business by encrypting sensitive data on your online store. There are a number of options available when it comes to selecting an SSL certificate, so don’t delay in adding this component to your online store.
An SSL protects all traffic to your store by securely encrypting it to prevent attackers from eavesdropping. While Volusion uses its own SSL certificates to secure all communication related to payment processing, your certificate protects all other aspects of the customer’s shopping interactions. Additionally, there are three options storeowners can select to ensure the SSL is being used throughout the process. These can be found in the store admin area under Settings > Config Variables. They are Force Secure Logins, Force Secure Registration and Force Secure Cart / Checkout. Each of these should be enabled for maximum protection.
Create Effective Passwords
One of the easiest steps a store owner can take to improve security is to use a secure password for any administrative access to the store. A secure password is difficult or impossible to guess, long and complex enough to withstand an attack and changed periodically (we suggest every 90 days). Many times when a hacker compromises a site, they use the username and passwords they collect in other locations to see if they work. Because of this, a secure password should not be used for any other sites. Of course, after a handful of sites (and therefore passwords), it quickly becomes difficult to remember which password belongs to which site. Luckily, there are a number of easy-to-use password manager applications to help you remember passwords and even automatically enter them when you visit a site.
Secure the Machines Accessing Your Store
If a hacker can compromise your home computer, they can likely get the username and password used to control your store. Because of this, protecting these machines is just as important as your store. Hackers are similar to most other criminals. They will often seek the easiest targets and will avoid most targets that present a solid defense. Follow these steps to make it significantly harder for hackers to breach your store security:
- Make sure patches for operating systems and applications are applied as soon as they are available. This will provide protection against most known vulnerabilities targeted by hackers.
- Use a respected security solution to protect against viruses and malware.
- Update your software frequently and perform periodic scans for any malicious activity.
Don’t Store Sensitive Data
Just as you rely on your bank to keep your money safe, let Volusion securely store all of your shopper data. If you need to collect information to process a phone order, enter it directly into the Volusion admin area so it is never stored on your computer. Any storage of customer data can have PCI compliance issues and data breach notification consequences if there is suspicion that your computer was compromised. This can all be avoided by storing the data in the safest possible place, your Volusion store.
Store security can seem like an overwhelming task to a beginner, but it is essential to the success of your online business, especially during the holidays. By using the Volusion platform, you have already taken a huge step in securing your business. By following these simple steps, you can ensure a safe and successful remainder of 2015!