Essential Security Tips for E-Commerce Shop Owners in 2019
For most e-commerce business owners in Australia, New Year’s resolutions might involve self-promises about increasing marketing efforts, hiring the best workers and implementing cost-cutting strategies.
While these are all smart resolutions to make for 2019, information security should not be ignored. Judging by just a couple of the cybercrime news stories that made headlines in 2018, it is not unreasonable to assume that 2019 will be equally challenging in terms of keeping e-commerce shops safe.
But before we get to the tips, let’s assess the scope of the problem.
Australian Teen Breached Apple’s Business Network
As reported by The Age in August 2018, a suburban teen from Melbourne was so enamored with the work of Apple’s software engineers that he decided to hack into the American company’s business network for the purpose of stealing not just proprietary information but also private customer data.
Appearing before Children’s Court, Crown prosecutors explained that the teen cyber criminal has been an accomplished hacker since the age of 16, but he was ultimately caught because he had not yet mastered a proper Media Access Control (MAC) address masking technique; as such, when Federal Police officers raided the youngster’s home, they retrieved MacBooks with the incriminating MAC address numbers.
It should be noted that Apple Music and its App Store are considered to be two of the world’s most valuable e-commerce shops.
Australian Magento E-Commerce Shops Highly Vulnerable to Cyber Attacks
Foregenix, a renowned international firm dedicated to information security research, released a troubling report in November 2018: nearly 80 percent of e-commerce shops using the popular Magento platform in Australia and New Zealand are vulnerable to common cyber attacks.
Researchers looked into 170,000 shops using Magento, which is perhaps one of the most popular e-commerce solutions in history, and determined that 90 percent using Magento 1 could be affected by the Shoplift exploit.
Another troubling finding was related to the presence of malware used by hackers to harvest credit and debit card numbers: more than 1,500 Magento shops in the study were infected by various versions of this particular attack.
A Positive Outlook for E-Commerce Sales in 2019
Despite spectacular headline news stories about cybercrime perpetrated against e-commerce operations, there is no question that online and mobile retail are quickly becoming the preferred shopping methods of the 21st century. No sane online entrepreneur should give up on e-commerce for fear of security breaches. It’s too big of a deal.
In fact, the Australian online retail market is projected to grow from a current $11 billion in annual sales to more than $16 billion by the end of the year 2022.
If anything, e-commerce shop owners across the Commonwealth should think about expanding their businesses while at the same time providing the best level of security for their customers.
With all this in mind, here are a few e-commerce security tips for Australian e-commerce operators in 2019; following and implementing these recommendations as part of a New Year’s resolution would be a smart move.
Enable HTTPS Connections at All Times
There was a time when HTTPS was mostly implemented on shopping cart pages or right before the payment and checkout stage; these days, online shoppers know better than to even visit websites that are not protected by this data encryption protocol. Widespread adoption of HTTPS was implemented in the wake of the Edward Snowden revelations about the American espionage apparatus, which also happened to involve Australia because the Commonwealth is part of the “Five Eyes” alliance made up of the United States, the United Kingdom, New Zealand, and Canada.
HTTPS has become the new standard of web security because hackers have learned that online connections without data encryption are fairly easy to breach. Enabling HTTPS is a matter of obtaining Secure Socket Layer certificates, setting up 301 redirects and updating all pages.
Block Malicious and Suspicious Incoming Traffic
More than 20 percent of internet traffic flowing into e-commerce shops these days is not generated by shoppers but rather malicious bots deployed by cybercrime outfits looking for weaknesses and vulnerabilities to exploit. Most of the time, malicious traffic is routed through servers based in China and Russia, two countries where hackers are known to be very active.
Traffic blocking rules based on geographical location tend to be effective. They can be set at the server or firewall level as a defensive measure. Another strategy is to detect scripting typically used by bots.
Educate Your Customers
As a shop proprietor, even of the online variety, there is at least a semblance of duty to help your customers stay safe while they browse your products or services. Consider devoting a section of your website to security tips, which should include getting a high quality virtual private network. We recommend this list of VPN services from Privacy Australia, a good resource for learning about privacy tools and cybersecurity precautions. Additionally, you should be aware of the latest phishing techniques, and keep up-to-date security software in place that scans for malware.
While the preceding might seem like an offbeat suggestion, think of it as creating goodwill towards your business and brand. In this increasingly frantic online marketing business, any kind consideration you show towards a customer might be the thing that keeps them coming back.
Choose the Right E-Commerce Platform
The aforementioned news story about Magento vulnerabilities should not dissuade e-commerce entrepreneurs from choosing this platform, which is considered to be among the best in terms of performance; the key is to pay attention to the developer channel and heed the security notices, patches, fixes, and upgrades.
Business owners who do not plan on being hands-on administrators of their shop’s back-end platforms may want to look for turnkey platforms such as Shopify because subscription costs include security updates. When evaluating platforms that reside in the cloud, it is also important to research the track record of the platform provider.
Security should always come before capacity and special features.
Implement a Solid Data Backup Solution
Data protection consists of more than just securing incoming connections and browsing sessions at the network level. Shop owners should also think about data replication as part of their overall protection strategy, and this means choosing an adequate backup solution.
Even though data backups are highly automated processes, don’t overlook checking the reliability of the solution with scheduled testing of backup integrity as well as ease of recovery. A highly recommended strategy includes virtual boot, a cloud-based feature that allows users to remotely access a workstation that was replicated on a “bare metal” basis, meaning that everything from the operating system to the folders and databases was backed up.
Aside from security, data backups are also ideal for disaster recovery planning in case of a cyber attack or a catastrophe that results in damaged hardware.