08/16/2023

How to choose a platform that will take care of the security of your online store?

One of the most important decisions to be made when setting up an online store is the choice of the eCommerce platform on which it will be built. When making this decision, the owner considers numerous aspects: from the available functionality, to the cost of use (purchase and use of licenses), to the ease of setting up and launching (which determines the time it will take to get started). However, not every entrepreneur considers an issue that, in these highly digitized times, should be crucial - namely, the security of the online store. Below we explain why this aspect should also be taken into account, and describe how to approach it.

Why is eCommerce security so important?

Phishing, ransomware attacks, DDoS (Distributed Denial of Service, i.e. temporary seizure of all free resources to prevent operation), data leaks and theft - these are not hypothetical events, but situations that really happen on the Internet, and which usually bring dire consequences for an online store (especially a small or medium-sized one, whose infrastructure is often less protected because of fewer resources and capabilities). Why? Because your customers provide the platform with a range of personal information (primarily credit card or bank account numbers) that is necessary to place an order and that could be of interest to online criminals.

But eCommerce users trust you to provide them with a secure shopping experience - and a cyberattack is a ready recipe for losing the trust you have built up over a long period of time. The consequence? Image and financial losses (for reasons such as loss of customers or loss of revenue while your store is unavailable). Sometimes even legal action is taken against the company (such as having to compensate customers after an incident). None of these outcomes has a positive impact on the business being run.

To avoid this type of situation, online stores take a number of steps: they set up two-step verification on their accounts, implement additional security measures on their servers (such as IP address blockers or VPNs), or install antivirus software. Although these actions are important, they are only the tip of the iceberg. At a time when cyber attacks on the Internet occur on average once every 39 seconds (according to Cybint News statistics), it is worthwhile to approach e-commerce security comprehensively. First, consider choosing a platform that puts security at the forefront.

Platform selection vs. security - what to consider?

It can be noted that the available online platforms (both open source and SaaS) approach the topic of cyber security differently - some are known to put more emphasis on this area, while others treat it as mandatory but not a priority. However, there is no doubt that for any online store, this issue should be crucial due to the severe consequences of a possible hacking attack. So what issues should we take into account to make sure we put our eCommerce on a fully secure platform? We outline the most important ones below.

Regular updates

In the case of some platforms, we can be sure that they employ specialists who regularly investigate whether security vulnerabilities have appeared - and if so, create a patch that we can apply. In the case of open source platforms, we can also count on the vigilance of the community around the software, which monitors the level of risk on an ongoing basis. In practice, this means that we receive, for example, an update message telling us to download or install a new version of the software. Why is this so important? Because hackers usually exploit precisely these security vulnerabilities to launch attacks. This fact should be of particular concern to any online store, because according to Internet security company Sansec, 82% of stores where malware appeared were using an unsupported version of the product (i.e. they did not comply with the platform provider's recommendations).

So, to protect yourself from the consequences of vulnerabilities, choose a vendor that proactively maintains and supports your platform. Also make sure that the software allows you to prevent threats yourself, so that you keep flexibility in managing your platform. In many ways - counterintuitively - an open source version may be better in this regard, as the rich community around it is constantly nurturing the development of the product, including in such a sensitive area as security.

Tools to support security

It's also worth checking whether the platform supports the security of the online store by releasing specially created tools for this purpose, available both for free and for a fee.

For example, if you're using Magento Open Source or Adobe Commerce, there's a free Magento Security Scan Tool, available since 2020, which helps to enhance website security. Its capabilities are comprehensive: from detecting malware, to finding security misconfigurations, to picking out potential eCommerce security vulnerabilities - all because the tool performs an automatic security scan of the site to identify potential vulnerabilities, security threats and configuration weaknesses.

This type of scan can be performed on a regular basis, examining what the current situation is. Each time this process is followed by a detailed report that outlines any security problems detected, along with recommendations for countermeasures and best practices for securing the site. Consequently, this type of tool allows you to rectify the situation before an attack occurs, which can certainly bring a number of benefits to your store.

The tool created by Adobe - as confirmed by users - definitely provides valuable support in identifying common security issues. So when choosing a platform, it's worth verifying whether other vendors offer this type of solution.

Back-up

It goes without saying that in order to take care of the security of your online store, you should regularly create backups to restore the state before the attack (which is also useful in case of an internal server failure, employee error or when testing new solutions). In this regard, figure out what back-up capabilities the platforms you are considering offer. Investigate in particular:

  • Whether the platform is equipped with an automatic backup feature,
  • Whether you can back up your online store yourself, and
  • Whether the backup requires you to pay additional fees.

Analyzing the different platforms in this regard, you are bound to come across significant differences confirming which solution will allow you to back up simply and quickly, providing a higher level of security.

Platform history and user reviews

Before deciding on a particular online platform, research two more areas - first, search Google for past security incidents, and then check the user reviews available online. Why take these two extra steps? Analyzing the history will show you how often the platform updates its software, how quickly it responds to emerging breaches, and, most importantly, what its previous experience with security breaches (if any, of course) has been. What is important is not only the scale of the problems, but also the consequences for companies like yours.

Reading reviews and feedback from other users will, in turn, give you an idea of their experience with the security of the platform. You should definitely take the power of social proof into account when making any decision.

SSL Certificate

The next point may seem obvious, but still not all stores have an SSL certificate. Secure Sockets Layer is a basic solution that provides data encryption between the customer's browser and the server - this is how it protects sensitive information (such as login, credit card and other personal data). For this reason, before choosing a platform on which to put your online store, definitely check whether the options you are considering offer a free or paid SSL certificate.

SLA services

If, despite the implemented solutions and specialized tools, you want to maximize the sense of security of the platform, it is also worthwhile to use the help of specialists. Additional protection will be provided by signing an SLA (Service Level Agreement) with, for example, a trusted software house. What do you gain by deciding on such a step? SLA services guarantee continuous support in detecting and resolving possible failures within the agreed scope. Because the platform is under constant care, you can minimize the reaction time needed to identify the problem. In addition, you are assured that possible errors will be fixed as soon as possible, which your store's customers will certainly appreciate. All of this is confirmed by regular reports.

Security of the online store - summary

Cyber security is an area of the eCommerce world - whether for individual users, stores or online platforms - whose importance is only increasing year by year. Since shortcomings in this area can negatively affect the functioning of your eCommerce store, it is definitely worthwhile to investigate in advance, for example when choosing an eCommerce platform, how the provider delivers the necessary support. However, you can't stop there. What else is worth doing? To ensure the highest possible level of security, it may also be a good idea to turn to specialists in this area. Regular audits, signing an SLA or hiring a permanent cyber security person are the best ways to take care of your customers and their data.
