Security isn’t just an empty sentiment when it comes to e-commerce ; it’s a way of life. Companies who take online security seriously have better reputations and earn customers’ trust more easily. Playing fast and loose with data security online can subject businesses to all sorts of trouble, including lawsuits and admonitions from congressional watchdogs, as the Securities and Exchange Commission found in April.
Because the difference between great security and bad is either a superb reputation or legal trouble, you probably know that you need to get on top of your online security, but you may not know where to start. Here are five security to-dos that every online merchant needs to knock out.
1. Secure your devices.
In the past, online security experts focused on securing desktop computers and servers. While that’s still important, keeping mobile devices like smartphones and tablets up to date and secure is just as important.
A Consumer Reports survey found that more than a third (34%) of Americans have no security in place on their smartphones – not even a code to unlock the screen. That leaves 1/3 of lost or stolen phones vulnerable to prying eyes, and if those phones are used to access an online business’s secure data, it leaves that data vulnerable as well.
Methods for protecting mobile devices are well-documented: get all the latest spyware, malware and virus protection you can; don’t open unexpected files or attachments; and don’t download programs or apps you don’t recognize.
There’s more you can do as well. With asset tags like TechTagger, you can put a unique QR code or alphanumeric code directly on your device. That way, if it’s lost, the person who finds it can scan the code and let you know that they have it. You can then tell them how to get it to you, returning the device – and the data it has accessed – back under your watchful eye.
2. Make sure every piece of data on every device is encrypted.
Of course, cybercriminals can attack an online business without having any device in their possession, so your job doesn’t end with basic mobile security.
You should already have secure wireless connections, plus updated firewalls and security apps, but these are often found to have vulnerabilities. To keep your customer and business data completely secure, you’ll also need to get to know encryption protocols.
PC World has a great guide on how to encrypt anything from your internet traffic to your thumb drives. With all your data encrypted, criminals will have a hard time deciphering your data, even if they can access it.
3. Get rid of unnecessary data.
The best way to keep data out of the wrong hands is to delete it when you no longer need it.
Conduct an audit of all the information you keep on customers, suppliers, partners, employees and whomever else – anything you wouldn’t want to publish in a blog. Delete anything you won’t use, and encrypt whatever you deem sensitive.
Remember to encrypt even the unnecessary stuff before you delete it, though – criminals can restore deleted files and glean critical information from them.
4. Ensure users and employees adopt long passwords.
Create and implement a strong password culture among your employees.
Passwords are the first line of defense on physical devices, on encryption software, on cloud-based apps and much more. If employees understand the importance of long passwords that feature numbers, letters, and punctuation marks and are changed regularly, they will be more likely to use them. Refer your employees to Farhad Manjoo’s easy, secure procedure for new passwords.
If you apply the same principles to your customers, you’ll have two levels of effective password protection. Require your customers to use strong passwords, and prompt them to change their passwords regularly. That way, cybercriminals can’t access your data through one of the weakest links – customers who are too apathetic or busy to create strong passwords.
5. Update all of your apps, programs, and devices.
Maintain up-to-date security apps, programs, and devices. Security companies are constantly identifying and neutralizing new threats, and those updates are critical to keeping your online business secure. Don’t wait for the free time to update, make time for it.
Every security to-do list for online merchants should primarily be occupied with keeping data safe. Yes, it’s important to keep mobile devices and laptops secure, if only because they access that critical data, but ultimately, data security should be your highest priority.
A reputation for problem-free transactions can help improve your sales figures over the long term, which is what matters most to merchants of all kinds – online and off.