5 Tips for Keeping Your Website and Customer Data Safe During the Holidays
We’ve witnessed record-breaking security breaches this year against e-commerce sites. Regardless of size and IT security budget, no company is 100 percent immune from risk. Yet the reality is that many of the breaches in 2011 were preventable.
With the busiest online shopping period of the year in full swing, have you made sure your customers’ credit card data and personally identifiable information (PII) is as secure as it could be? Below are five tips for online retailers to help them prevent their websites from being hacked and to keep their customer data safe this holiday season and beyond:
1. Follow PCI DSS guidelines for processing sensitive customer data. Online retailers are required to comply with PCI guidelines for processing customer credit card data. You should safeguard other PII data equally well. Hackers continue to target personal information — which hasn’t historically been held to the same security standards — for use in phishing campaigns. Web merchants without the resources to manage PCI compliance internally should outsource their checkout process to a PCI-compliant service provider like PayPal.
2. Upgrade your server software. Low-level software vulnerabilities occurring on the servers powering your network and websites create an easy point of entry for hackers. Fortunately, these old-school techniques for accessing sensitive information can easily be fixed by ensuring your system software is up to date. For example, if it’s a LAMP server, then upgrade your Linux kernel and make sure your MySQL, Apache and PHP are up to date.
3. Update your e-commerce software. Beyond keeping your system software current, ensure your front-end software, including social commerce plug-ins and forum and shopping cart software, is always up to date. Be sure to remove any old software that you previously installed but is no longer in use. If you write your own software, be sure to have it screened for security vulnerabilities.