Securing your ecommerce website against attacks


With regular reports of cybercriminals stealing credit card data and other sensitive information, it’s essential to protect your ecommerce website. A breach will not only cost a business major fines but also damage customer trust. It is therefore imperative to know how to protect your ebusiness and your customer data. The following are a few key steps retailers can take to keep their website safe from cybercrime.


Secure your traffic

Transport Layer Security (TLS) is a protocol that encrypts data in transit. It is highly recommended that you use TLS (v1.2 is recommended) to secure your web traffic. TLS v1.0 and its predecessor, SSL v3.0, are now obsolete. All sensitive communications between your customers and your servers should be protected by encryption, which significantly reduces the risk of data theft. Many shoppers now look for secure sites when making purchases, and implementing TLS will ensure that they can trust your site to protect their data.
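One way to confirm that your own site refuses TLS v1.0 and accepts TLS v1.2, as an added example that is not part of the original article. The function names, the `CHECKS` table and the host you pass in are assumptions made for illustration.

```python
import socket
import ssl

# Expectations follow the article: TLS v1.2 is recommended, TLS v1.0 is obsolete.
# SSL v3.0 is left out because most current OpenSSL builds cannot offer it.
CHECKS = {
    "TLSv1.0": (ssl.TLSVersion.TLSv1, False),   # server should refuse
    "TLSv1.2": (ssl.TLSVersion.TLSv1_2, True),  # server should accept
}

def pinned_context(version):
    """Client context that offers exactly one protocol version."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE  # only the protocol is tested, not the certificate
    ctx.minimum_version = version    # set the floor first, then the ceiling
    ctx.maximum_version = version
    return ctx

def server_accepts(host, port, version, timeout=5.0):
    """True if the server completes a handshake at exactly `version`."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with pinned_context(version).wrap_socket(raw, server_hostname=host) as tls:
                return tls.version() is not None
    except (OSError, ValueError):
        # Refused handshake, reset or timeout. A local OpenSSL policy that
        # forbids the version also ends up here, so confirm a "refused"
        # TLSv1.0 result from a client that is able to offer TLS v1.0.
        return False

def findings(observed):
    """Compare {label: accepted?} with CHECKS and return a list of problems."""
    problems = []
    for label, (_, should_accept) in CHECKS.items():
        accepted = observed.get(label)
        if accepted is None:
            problems.append(f"{label}: not tested")
        elif accepted and not should_accept:
            problems.append(f"{label}: obsolete protocol still accepted")
        elif not accepted and should_accept:
            problems.append(f"{label}: recommended protocol refused")
    return problems

def audit(host, port=443):
    """Probe each version in CHECKS against host:port and report problems."""
    observed = {label: server_accepts(host, port, version)
                for label, (version, _) in CHECKS.items()}
    return findings(observed)
```

Calling `audit()` with your storefront's host name returns an empty list when the server refuses TLS v1.0 and accepts TLS v1.2.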


Patches and updates

Make sure your web servers and supporting infrastructure are running the latest updates and patches. This ensures that your systems are not vulnerable to known attacks that could result in significant downtime. If you use a third party to manage any part of your website, make sure they have a good vulnerability management program in place.


DDoS Protection

Contact your ISP and discuss your options for protection against Distributed Denial of Service (DDoS) attacks. These attacks flood websites with traffic until they are no longer able to receive genuine requests, effectively bringing the website down. There are tools available to monitor your web traffic and help you identify any spikes in demand. There are also third-party companies that offer DDoS protection as a paid service.


Scan and test

If you want to be certain about the security of your website, vulnerability scans and penetration tests will determine whether it has any vulnerabilities that could be exploited by cybercriminals. Scan your systems regularly as part of your vulnerability management program, so that you are not caught unaware providing insecure services to customers.


Have an incident response plan

To be able to deal with the worst, you need to plan ahead. Make sure you have an Incident Response Plan (IRP) in place in case there is an incident. The plan details a process to follow to get your business processes up and running again as soon as possible. For online retailers, this plan may include a backup/failover website, so that the website is made available again in minimum time.

