6 steps to secure your ecommerce website

November 10, 2020

By Kirsten Queen

As we gear up for the holiday season, now is the time to get your website ready for online shopping. Salesforce has already predicted that 30% of global retail sales will be made through digital channels this upcoming holiday season. And data breaches and hacking are on the rise for retailers. Now, more than ever, it’s time to look at securing your website and making it safer for online shoppers. Take these six steps to secure and protect your ecommerce website. 

1. Set up SSL

One of the most important things you can do is add another layer of security to your website. As you browse the web, you may notice that different websites have either HTTP or HTTPS. HTTP stands for Hyper Text Transfer Protocol and is a set of rules used to allow electronic devices to communicate with each other over the internet. When websites add in a security protocol to authenticate browsers and ensure browsers communicate securely with the web server, it becomes HTTPS.

This is thanks to an SSL certificate (also known as a TLS), or a data file that makes it possible to encrypt a website with SSL/TSL. This encryption makes it safer for your customers to shop online, encrypting their financial data to protect it from getting hacked. There are a variety of different SSL certificates, so start by determining which certificate your business needs. Then, your next step is to get an SSL certificate. While costs vary, there are also free options out there. Make sure to consult with your IT team about what kind of SSL certificate is best for your team and how to get it installed. 

2. Be PCI compliant

Since you will likely be handling debit and credit cards, you also need to have PCI compliance implemented by the Payment Card Industry Data Security Standard and founded to protect consumers and protect business from data breaches. Achieving compliance includes using firewalls, isolating cardholder data, and using antivirus software. 

3. Manage access to your website

It’s a good idea to regularly review who has access to your website. For one, you have no idea what kinds of passwords the editors or people working on the backend of your site have set up. They could be weak – which means that your website could be hacked. Encourage your employees and consultants to set up strong and unique passwords and remove access from anyone who is no longer with your organization or working for you. Additionally, many content management systems offer different levels of access to your website, so establish some standard operating procedures around how new employees, consultants, or freelancers are given access to your website.

4. Keep your website updated

Just like any system, your website is susceptible to malware, and even big players in the ecommerce space can get hacked. By taking precautions and regularly applying updates to your content management system and any plugins you use, you can take major steps to protecting your ecommerce store. Not only will this provide a better user experience, it can also help prevent holes in your software that a hacker could take advantage of. Make sure to regularly run tests on your website for any vulnerabilities. It’s also a good idea to use security software to protect your website. This type of software will scan and audit your website and protect against malware. 

5. Practice good cybersecurity in your organization

Risks to your organization and website can come from inside if your employees are unaware of best practices for cybersecurity. Educate them about what phishing and social engineering attacks look like. Make sure any employees that come into contact with customer data know how to protect it. 

6. Keep only what you need

When it comes to data, the more you have, the more likely you are to get hacked. You should only hold on to exactly what you need in order to run your business: complete orders, issue refunds for returns, etc. And with more and more legislation getting passed to protect consumer data, it’s in your best interest to think about how and why you store customer data. 

Getting your website ready for the holiday season is paramount for conducting safe and secure business and taking advantage of the influx of online shoppers this year. By practicing cybersecurity in your ecommerce store, you can work to keep both your business and your customers safe this holiday season and beyond. Happy holiday shopping!


This blog is provided for informational purposes only and may require additional research and substantiation by the end user. In addition, the information is provided "as is" without any warranty or condition of any kind, either express or implied. Use of this information is at the end user's own risk. CenturyLink does not warrant that the information will meet the end user's requirements or that the implementation or usage of this information will result in the desired outcome of the end user. All third party company and product or service names referenced in this article are for identification purposes only and do not imply endorsement or affiliation with CenturyLink. This document represents CenturyLink's products and offerings as of the date of issue. Services not available everywhere. CenturyLink may change or cancel products and services or substitute similar products and services at its sole discretion without notice. ©2020 CenturyLink. All Rights Reserved.

Was this article helpful?