Data Privacy Day is coming up on January 28th — but what exactly does data privacy mean to an online store? In fact, it’s a very important element of safety for both you and your customers. Read on for our top seven tips, from our head of information security, Lance Wright, that merchants (or anyone) can use to protect themselves in the coming year.
2017 saw reports of some of the largest compromises of personal data ever. Equifax reported that its systems were compromised, and attackers walked away with the personal data for over 143 million people. A similar situation played out for Uber (57 million users), IHG (guest data for 1200 hotels around the world) and Yahoo (3 billion users). Needless to say, it is more important now than ever to do everything you can to protect yourself, your business and your privacy. Here are our top 7 tips to do just that.
1. Update your computer/phone/tablet
If Equifax had heeded tip #1, they would have saved themselves — and most Americans — a massive headache. Attackers used a vulnerability that Microsoft had patched months earlier to compromise Equifax systems and your data. Learn from them: set your PC to automatically apply updates. Macs do so by default, but you may want to check and be sure. Most phones notify you of an update, so go ahead and apply those when you get the alert. By having up-to-date security software on your computer, you can make sure that the store you run from your device is safe as well. Luckily for Volusion merchants, we constantly apply updates to the systems your store is hosted on to ensure it stays safe.
2. Devices on lockdown
You’ve patched your computer and phone so there’s nothing to worry about, right? Wrong. You still need to use a solid solution to protect against malware and viruses. While not a silver bullet for all attacks, the best solutions will still be much better than nothing at all. 2017 might be considered the breakout year for ransomware. Ransomware is a particularly evil type of malware that encrypts the files on your computer and demands that you pay the attacker for the key. Theoretically, ransomware attackers could hold your customers’ information hostage as well. (Spoiler alert: the attackers almost never help, even if you pay, which is why the FBI says not to.) Save yourself the hassle: install and keep updated a reputable endpoint security solution, as Volusion does with all its systems.
3. Monitor and/or freeze your credit
A great step you can take to prevent your identity from being stolen is to apply a credit freeze with the major credit bureaus (yes, including the one that got hacked). Noted security expert Brian Krebs explains how and why in his article, which is worth the read. Additionally (or alternatively) you can apply for any number of available services to monitor your credit to detect potential identity theft and alert you if changes occur.
Safeguarding credit card data is obviously important to shoppers as well, which is why Volusion uses a similar security strategy, combining prevention and detection approaches to safeguard shopper data. You can also protect shoppers’ information by never sharing it outside your site, and especially by never writing credit card data down or sending it over non-HTTPS sites.
4. Be careful what you share
In today’s online world, access to information is easier than ever. That’s true for the bad guys as well. For the privacy-minded, there are a number of ways to protect yourself online. For your browser you should use the Privacy Badger addon, which is a project of the Electronic Frontier Foundation. It protects you from third parties who use various methods to track where you go and what you look at on the web.
uBlock and Ghostery are also great options for extensions to improve your browser privacy. (And they’re all free!) You should also lock down your social media accounts to ensure you share only what you want with who you want. Wired has a great article on how to lock down your Facebook account. Follow the same principles for your social media platform of choice. When your information is safe, the information of all your customers is even more secure.
5. Practice good hygiene
Just like brushing your teeth, practicing good data hygiene is important, and it is overlooked by those who end up paying later. And just like your toothbrush, passwords should be chosen carefully, never shared (with other people or between sites) and changed regularly. Given how many passwords you may need, a good password manager is an essential tool in protecting privacy. This will allow you to have a secure (and unique) password for every application or website. Volusion builds strong password requirements into your store’s admin area to ensure good password hygiene. Additionally, you can help your customers practice good data hygiene by setting up certain password parameters on their accounts or encouraging them to use unique passwords when they set them up on your store.
6. Is it too late?
So: you’ve done everything here and you want to know if something slipped through the cracks. Check out haveibeenpwned.com. You can enter your email and/or username and it will tell you if your information is among the trove of compromised data Troy Hunt has meticulously collected. Don’t forget to click on the “Notify Me” tab and add your information there so you can get an email if your data shows up in future breaches. If your email address has been compromised, it may be good to take an extra close look at your site and make sure everything seems like it’s still secure and running smoothly.
7. Three letters to better web privacy
Did you know that, as of April 2017, your ISP can sell your web browsing history without your explicit permission? Even if you only use secure (HTTPS) sites (and you do that everywhere, right?), your ISP still knows what domains you are visiting. Not to mention the providers you use when you connect to Wi-Fi hotspots at the coffee shop or airport. Protect yourself with a VPN.
If you aren’t familiar, VPNs work by sending all your web traffic over an encrypted connection to your VPN provider who then sends it to the intended recipient. Your ISP will only see a bunch of traffic it can’t read going to the same place. It is important to use a VPN provider you can trust since they will see all the traffic your ISP doesn’t. Check out this article for some great options. While this may not seem to directly affect your store, once again your personal privacy is a gateway into your ecommerce business and, in turn, your customers’ private data. It’s always good to remain vigilant.
Do you have any questions about maintaining data privacy? Let us know in the comments!