Defusing Data Dangers: 8 Website and Ecommerce Security Tips

Cybercrime has reached epidemic proportions. In 2016, the global cost of cybercrime surpassed $450 billion, and it’s predicted that the annual cost of all data breaches will reach $2.1 trillion globally by 2019. Companies targeted by cybercriminals have a lot to lose – according to the Cisco 2017 Annual Cybersecurity Report, among organizations that experience attacks, 29% lose revenue, and as many as 38% lose more than 20% of their total revenue. 
But businesses aren’t the only victims of cybercrime, and your brand has more to lose than just money. When shoppers agree to do business with you, they trust your website security and that you will protect their valuable and potentially harmful information. Unfortunately, if your organization gets targeted, there’s a good chance that your customers may end up suffering the most.

Cybercriminals have your shoppers in their crosshairs.

Recently, a breach of one of the three largest credit agencies in the United States may have affected as many as 143 million customers. And while this particular breach is one for the record books, it’s far from being an isolated event. All businesses – large and small, B2B and B2C – are finding themselves under attack, with their sensitive customer and user information as the most common target.

Your customers’ personal information is valuable. For criminals, a stolen credit card number has obvious uses. But even well beyond that, relatively benign information found on the web, such as names, telephone numbers, email addresses, partial social security numbers, and so on, have interested buyers waiting to get their virtual hands on them — potentially causing no end of difficulties for the customers whose data has been compromised. Ensuring top-notch website security should therefore be one of your top priorities as a company.

Customers who lose personal information to cyberthieves may find their information sold to spammers and scammers, and be hounded via email and telephone for years to come. They may suffer the financial ramifications of credit fraud, which will damage their credit scores and accrue thousands of dollars in debt. Some victims may even find themselves liable for the crimes committed under their names. At the very least, data-theft victims will likely have to spend hours, days, weeks, or longer trying to track down and resolve the issues associated with their lost personal data.

For organizations that build their business on customer trust, failure to focus on website security is simply unacceptable.


Adopt these eight strategies help ensure customer data security.

Sharing information is a necessary part of doing business in the modern age. Most shoppers accept this, and are willing to trust your business with their sensitive data — as long as you are capable of protecting it. If you get your website security right, you’ll maintain customer trust and avoid detrimental consequences.

Here are eight tips for building an effective customer data-security strategy.


  1. Comply with regulatory standards.
    There’s a lot at stake when money changes hands, which is why customers want to know that you’re doing everything in your power to protect them and their data. By complying with industry and regulatory standards in regard to ecommerce security, your brand is not only demonstrating to your customers that you care about their safety, but you are also promoting responsible business practices within your organization.

  2. Leverage the most reliable security resources.
    From the moment your customer swipes a credit card or clicks “submit” on an online form, their data security becomes your responsibility. Investing in the right ecommerce security resources is essential to keeping that data safe. Point-to-point solutions encrypt credit card data from the first moment the card is swiped, all the way through the payment processor. Likewise, as focus continues to transition from in-store security to online security, antivirus and firewalls are only the beginning; intrusion detection systems, vulnerability monitoring, penetration tests, and other tools are all essential parts of the ecommerce security measures that keep sensitive data out of the hands of those who might misuse it.

  3. Use only PCI-compliant payment devices.
    The devices that process your in-store credit card transactions should always adhere to PCI compliance standards. PCI compliance standards are the set of rules and best practices designed to ensure that businesses are safely handling customer credit information. PCI security is standard across all business sizes and industries, and organizations that neglect PCI compliance could face potential fines and penalties, in addition to risking customer data security. Ensure you are following PCI security standards in order to avoid potentially catastrophic consequences.

  4. Train employees effectively.
    Your employees can be your most reliable firewall against data theft, but only if you train them correctly. After all, data security isn’t just the responsibility of your IT department; it’s the responsibility of everyone who works under your brand. Coordinate across your departments and offer regular security training, so that everyone in your company understands the essential parts they play in protecting customer data.

  5. Employ security best practices.
    Going hand in hand with employee security training, security best practices give your organization a standard set of rules it can follow to help minimize data risk. Setting restrictions on BYOD and employee access to data reduces the number of potential security weak points. Locking down office computers when not in use lessens some of the dangers associated with lost or stolen devices. Implement data protection policies throughout your company, so that employees can understand the most effective methods for keeping data secure.

  6. Educate your customers.
    Your employees and your systems aren’t the only potential targets for data thieves. Your customers themselves may be giving up valuable personal information when interacting with your brand. Keep your customers in the loop, and help them understand the risks associated with unsecured data. Sensitive data shared across unsecured digital channels (such as most email servers) may be intercepted and exploited. Educate your customer base to only share personal information on secure, encrypted systems, and to avoid sites that have subpar or nonexistent website security.

  7. Regularly purge customer records.
    When it comes to customer data, many organizations have the knee-jerk reaction of wanting to retain as much customer information as possible, for as long as possible. But while certain data offers analytics benefits, information such as credit card numbers, CVV2 codes, and social security numbers have no demographic significance whatsoever. Keeping this information on file for longer than is absolutely necessary to facilitate a transaction puts customers at significant risk in the event of a data breach. Regularly purge this kind of data from your systems.

  8. Stay up to date on updates.
    Your website security is of paramount importance. It may seem obvious, but keeping business software up to date is one of the most effective — and most often neglected — preventive actions a business can take to protect customer data. In addition to ensuring that security software is capable of deflecting newer, more innovative attacks, updates also address and repair known issues in business systems across all departments. Unfortunately, research suggests that more than 50% of business computers run outdated versions of key operating systems.

Bottom line? Protect your customers.

With every interaction, every communication, and every dollar exchanged, your customers create data — data that, in the wrong hands, could create no end of problems.

Your customers are the lifeblood of your brand. They trust you with their information, and they expect you to be able to keep it safe. Earn that trust. Protect it. And when cybercriminals target the people who keep you in business, have the strategies and tools in place to send them packing. For more information on how you can protect your customer data, check out Salesforce Commerce Cloud, and give your customers the data security they deserve.


Frequently Asked Questions


What security measures are taken by the e commerce websites?

Ecommerce site security measures include complying with statutory data safety norms and investing in reliable resources, e.g. encryption and PCI-compliant payment devices. Such sites must also train staff effectively, adopt security best practices, educate their customers, purge unneeded customer data and keep business software updated.

How can I secure my ecommerce website?

To secure your ecommerce website, you must comply with regulatory standards, leverage reliable digital security solutions and use PCI-compliant payment services. Other best practices include keeping business software updated, regularly purging unneeded customer data, training staff effectively and informing your customers on data safety.

What types of information do Ecommerce sites need to protect?

Ecommerce sites need to protect valuable customer information such as credit card numbers, CVV2 codes, and social security numbers. However, it's equally important to protect seemingly less sensitive information, such as customer names, telephone numbers, email addresses and other personally identifiable information.

See Commerce Cloud in Action

Learn how you can deliver a seamless customer experience with Commerce Cloud.