
Online Shop Security: 5 Tips for the Security of Your Shop

19. May 2020 16:42

Imagine you’re going through an airport security checkpoint. You’re already holding the plastic bag with the liquids in your hand. Now it’s your turn: your coat, shoes, and plastic bag go into one box. Your smartphone and notebook go into a second box. Now you walk through the metal detector (luckily, no beeps!) while your two boxes slowly disappear on the conveyor belt into the X-ray machine. After a few minutes, everything is OK and you can board. You know this routine well. But can you picture a comparable security check for your emails or your login details? That is where imagination often runs out.

IT security is a key issue in today’s society. Our workplaces are everywhere. We shop on multiple devices and use other people’s Wi-Fi networks. Who can keep track of what’s happening with all that sensitive data? In this article, we’ve compiled the most important information for you.

Vulnerabilities and prevention

There are numerous risks you face when running an online store. It’s almost impossible to identify all vulnerabilities, but it’s still worth addressing the issue and finding out how to increase security. The biggest risks online retailers face include:

  • Insecure passwords
  • Use of outdated shop systems
  • Web server settings (if you run your own web server)
  • Viruses and Trojans on the work computer
  • Lack of security standards (e.g., SSL)

5 tips for online shop security

If you want to understand the topic of security, hacking, and data theft, you should try to put yourself in the shoes of a hacker. There is no single type of hacker and no single method, but the basis of all attacks is the search for vulnerabilities. Hackers have many options for detecting such security gaps. Below, we’ll show you 5 tips for online shop security:

Mausi!123: Good passwords work differently

The problem of passwords is often mentioned, but not always taken seriously. The most important passwords for shop operators are:

  • Administrative access to the shop system (shop backend)
  • Web server access data (if available)
  • Database access data
  • Possibly, marketplace access data (Amazon, eBay, etc.)
  • Online banking access data

A simple password, possibly including uppercase and lowercase letters and numbers, is a step in the right direction. The trouble starts when convenience wins. This can show up in various ways, for example, if the same password is used for a variety of sites, or if it is so generic that numerous other people use it as well. This is both understandable and dangerous, because it makes it easier for attackers to access various accounts. Create rules for passwords (including for employees):

  • User passwords should be at least 12 characters long, and administrator passwords for system administration should be at least 16 characters long.
  • Passwords should contain at least uppercase and lowercase letters and numbers.
  • Each account – computer login, online store, ERP, CRM, etc. – requires a unique password.
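The three rules above can be checked mechanically. The following is an added example, not part of the original article: a small audit over a constructed account inventory, where the account names, roles and passwords are assumptions chosen for illustration.

```python
from collections import defaultdict

MIN_LENGTH = {"user": 12, "admin": 16}  # minimum lengths from the rules above


def check_password(password: str, role: str) -> list[str]:
    """Return the rule violations for one password."""
    problems = []
    if len(password) < MIN_LENGTH[role]:
        problems.append(f"shorter than {MIN_LENGTH[role]} characters")
    # str methods are Unicode-aware, so umlauts count as letters too.
    for label, test in (("uppercase letter", str.isupper),
                        ("lowercase letter", str.islower),
                        ("number", str.isdigit)):
        if not any(test(ch) for ch in password):
            problems.append(f"no {label}")
    return problems


def audit(accounts: list[tuple[str, str, str]]) -> dict[str, list[str]]:
    """accounts holds (account name, role, password); returns problems per account."""
    report = {name: check_password(pw, role) for name, role, pw in accounts}
    by_password = defaultdict(list)  # kept in memory only, never written out
    for name, _role, pw in accounts:
        by_password[pw].append(name)
    for names in by_password.values():
        if len(names) > 1:  # rule 3: every account needs a unique password
            for name in names:
                others = ", ".join(n for n in names if n != name)
                report[name].append(f"password reused on: {others}")
    return report


# Constructed sample inventory (hypothetical accounts and passwords).
SAMPLE = [
    ("shop-backend", "admin", "Mausi!123"),
    ("erp", "user", "Mausi!123"),
    ("crm", "user", "Correct7HorseBattery"),
]

if __name__ == "__main__":
    for account, problems in audit(SAMPLE).items():
        print(account, "->", problems or "OK")
```

The password from the heading contains uppercase and lowercase letters and numbers, yet it fails on length and on reuse, which is exactly the convenience problem described above.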

Phishing: Don’t bite!

Phishing emails designed to steal login credentials or install malware are unfortunately a common occurrence. Anyone can become a target of a scammer and receive fake emails or direct messages on social media urging you to click a link, download a file, or open an attachment. If you’re not careful, you could infect your device with malicious software, allowing attackers to steal your personal data.

Raise awareness among yourself and your employees about the importance of being critical—it’s better to ask too many questions than too few. Train employees to recognise phishing emails by highlighting typical characteristics.

MyCOMMERCE Tip:

Don’t publish the email address of your MyCOMMERCE account in your contact information. This may provoke phishing attacks. Always use an alternative email address for public display.

Flu in the system – danger from viruses

Don’t let convenience dull your attention when it comes to the threat of viruses. Computer viruses are a relatively old phenomenon. They are programs that, just like their biological counterparts, can implant themselves into a host, such as a computer system, and cause extreme damage. The colloquial term “computer viruses” also includes programs such as worms and Trojans.

A classic and well-known way of picking up such malware is opening links or attachments in emails. Malware does not only pose a risk to the computer or device in question. The programs can also contain a key logger, for example, that captures inputs and forwards them to the perpetrator – which, of course, can also be used to read access data to shop or inventory management systems.

Refusing to open any messages at all purely for security reasons is hardly the right way to protect the integrity of your system. The key here is antivirus software or a scanner. The range is diverse, with free and very expensive products available.

Pass-the-Hash – the No. 1 cyber attack

A password is not stored in the database as such but in the form of a hash. When you enter your password, it is converted into a hash value. This value is then transmitted to an authentication server and compared with the hash value stored in a database. If the two values match, you are authenticated as a user and can access the desired content.

If an attacker succeeds in capturing this hash value, they can use it to log in to other networks (they don’t need to know your actual password, since they now have the calculated value) and thus cause damage.
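The following added example (not part of the original article) models the flow described above, in which the hash itself is what the server accepts, next to a design where the server salts and stretches the submitted secret itself, so a leaked stored hash is not accepted as a login. The class names, the account name and the sample password are assumptions, and the model does not represent any specific product's protocol.

```python
import hashlib
import hmac
import os


def client_side_hash(password: str) -> bytes:
    """Hash computed before transmission and sent as the credential."""
    return hashlib.sha256(password.encode()).digest()


class HashAsCredentialServer:
    """Weak design: the received hash is compared directly with the stored hash."""
    def __init__(self):
        self.db = {}

    def register(self, user: str, password: str) -> None:
        self.db[user] = client_side_hash(password)

    def login(self, user: str, received_hash: bytes) -> bool:
        stored = self.db.get(user)
        return stored is not None and hmac.compare_digest(stored, received_hash)


class ServerSideHashServer:
    """Hardened design: the server derives the hash itself from what it receives."""
    def __init__(self):
        self.db = {}

    @staticmethod
    def _derive(secret: bytes, salt: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", secret, salt, 100_000)

    def register(self, user: str, password: str) -> None:
        salt = os.urandom(16)
        self.db[user] = (salt, self._derive(password.encode(), salt))

    def login(self, user: str, submitted: bytes) -> bool:
        if user not in self.db:
            return False
        salt, stored = self.db[user]
        return hmac.compare_digest(stored, self._derive(submitted, salt))


def demo() -> dict:
    password = "Constructed-Sample-Passphrase-42"  # constructed sample value
    weak, hardened = HashAsCredentialServer(), ServerSideHashServer()
    weak.register("shop-admin", password)
    hardened.register("shop-admin", password)
    leaked_weak = weak.db["shop-admin"]          # what a database leak exposes
    _salt, leaked_hard = hardened.db["shop-admin"]
    return {
        "weak_accepts_leaked_hash": weak.login("shop-admin", leaked_weak),
        "hardened_accepts_leaked_hash": hardened.login("shop-admin", leaked_hard),
        "hardened_accepts_password": hardened.login("shop-admin", password.encode()),
    }


if __name__ == "__main__":
    print(demo())
```

In the hardened design the password must travel over an encrypted connection, since the server receives it directly.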

Trojans – not a myth

A Trojan horse, or Trojan for short, is the most common form of malware. A Trojan horse—like its counterpart from Greek mythology—cannot infiltrate your computer on its own; it needs your help to do so. Therefore, a Trojan horse disguises itself as something harmless (e.g., a useful program, app, or website) that you download onto your computer. Once installed, a Trojan horse can:

  • Install other malware or a worm
  • Use your computer for click fraud
  • Give a hacker control over your device
  • Send your data to hackers

HTTPS certificates for your website

A completely secure key to a room can be all well and good, but it’s useless if the patio door is open. That is where encrypting the internet connection with SSL certificates comes in. You can recognise that a website transmits data in encrypted form by the “https://” prefix in the URL. Without encryption, it is “http://”, missing the “s” that stands for secure.

Your MyCOMMERCE shop and MyCOMMERCE homepage are already protected with an SSL certificate. If your shop is added to your own website, you must purchase and install an SSL certificate yourself. An SSL certificate protects the data sent via your website – customer names, addresses, phone numbers, credit card details – from hacker attacks.

Working on the go: Open Wi-Fi for everyone!

Online retailers are often well placed to work on the go. They rarely use their own mobile internet data allowance, as this is quickly consumed. Public Wi-Fi hotspots are the preferred method in these cases. However, these are often unsecured network connections – recognisable by the lack of encryption or a notice in the privacy policy. If this is the case, online retailers should be cautious: they should avoid entering sensitive information such as login credentials and should not access sensitive data, because there is a risk of being spied on.

If the use of public Wi-Fi is unavoidable, we recommend using a Virtual Private Network (VPN). This encrypts the data transmitted between the (mobile) device and the VPN server used, essentially creating a tunnel to the server.

Conclusion – Online Shop Security

The topic of online shop security should play a very important role for shop operators. As an online retailer, you are responsible not only for your own data, but also for that of your customers. In difficult cases, such as administering a web server yourself without in-depth knowledge, consulting experts can be useful.

Even small online retailers have various levers and switches they can use to ensure a sound IT security concept. A chain is only as strong as its weakest link.

Finally, a few general tips:

  • Regular backups of all relevant data protect against serious consequences such as data loss.
  • In light of ever-changing threats, software should always be kept up to date. Plans that include updates and support are a sensible precaution.
  • When working on the go, in a hotel on vacation, on the train, etc., special precautions should be taken (e.g., secure Wi-Fi, VPN tunnels).
  • Even if it sounds harsh, the greatest danger usually comes from your own employees. Train and sensitise your team early on.

You can find more information about creating an online shop here.
