The risks
- Theft of customer information, such as addresses and payment card details.
- Website defacement – potentially including indecent, abusive, hate or terrorist images and messages.
- Denial of service attacks by criminals attempting to disrupt your business, typically to extort money.
- Damage to your reputation.
- Website failure due to infrastructure or power supply issues.
- A deliberate denial of service (DoS) or distributed denial of service (DDoS) attack.
Protect your website
If you are hosting your own website rather than using a third-party hosting company, ensure that the hardware and software are secure:
- Use strong, protected passwords throughout the system. Do not leave any password set to its default value.
- Make sure the server is protected by an effective firewall and internet security software.
- Monitor log files carefully to spot any attempts at intrusion.
- Use the latest version of any ecommerce software. Old versions may have flaws that hackers can exploit.
- Delete defunct websites by having them taken down by the hosting company and all files deleted.
- Never store customers’ private information and credit card details on a public ecommerce server.
- Protect your SSL details and keep them secret.
- If you consider that your website may be vulnerable to a DoS or DDoS attack, locate and consult a DDoS protection specialist who has the relevant knowledge and tools to protect your business.
- Consider using a professional penetration testing firm to test the defences on your ecommerce server.
If you use a third-party hosting provider:
- Review its security and availability policy and arrangements.
- Check that the service level agreement is adequate for your needs.
- Again, consider using a professional penetration testing firm to test the defences on your hosting company’s server.