eCommerce website security is a significant issue that every store owner faces. The rules regulating responsibility for customers' data safety become stricter every year. Unwanted intrusions and DDoS attacks are nightmares for merchants today because a lot of personal data can be stolen.
While the new laws aim to protect users, merchants have to work to protect their websites to avoid data loss. There is a lot of specific software for e-commerce website security, but the “human factor” is one of the most common reasons for website hacks.
There are simple rules that most store owners forget about. Even comprehensive software won’t help if the basic rules aren’t followed.
Basic Security Rules for Online Stores
- Use complex passwords and logins.
This is one of the most common mistakes, and one that everyone forgets about. Use strong passwords with numbers, capital letters, and special symbols. No “admin123”, and not even “admin12345678”. Really, do not make it so easy to hack your website or staff accounts.
- Use encrypted connections (SSL).
There is no place for plain HTTP in e-commerce anymore. When users log in to your e-commerce store, they enter their e-mail, name, phone, or other personal information. All data in transit must be encrypted. Use HTTPS only at your online store.
- Create a custom path for admin panel.
Every CMS has a standard path for logging in to the admin area. Change it and make it harder to even find the URL of the admin panel.
- Reset fired employees' access.
If you have a large number of employees, think about the process of changing and resetting login information after an employee is fired. If you have, for example, the same access credentials for all store managers, change them too.
- Define user roles in the admin area of the Magento store.
Open only the admin area sections that match the work your employee is doing. For example, there is no need to open the Customers or Orders section for the content manager, or to open the Configuration section for the order managers.
- Be careful when taking screenshots with browser apps.
There are lots of browser apps for taking screenshots. They are quite convenient because of their full-page capture options and shareable links. But they aren’t perfect from the security point of view when taking screenshots of a website's admin area. Use traditional methods of taking screenshots and use secure channels to transfer them.
- Remove sensitive data from screenshots in manuals, instructions, and other documents or posts.
When writing blog posts, instructions for the staff, or manuals for digital products, you may need to provide some screenshots. Remove extra data such as account IDs, names, contacts, and admin area paths with the help of an image editor.
- Check the sharing settings in Google Docs and other similar services.
In Google Docs, provide access only to specific people and require them to log in. Otherwise, your documents are at risk of being indexed and shown in the search results pages of some search engines.
Share your security rules in the comments below!