As with the first installment of this series, we’ll continue to look at optimizing server security for an e-commerce site. Clearly security for an online business is not just a matter of PCI compliance or making sure your own information and accounts are safe. Security breaches can (and regularly do) bankrupt companies, and a business’s reputation with consumers can plummet.
Server security is one thing, though. Learning to love ourselves and feel secure in our own skin is essential to the good life. One easy way I have found to feel secure in my skin is to look at myself in the mirror while poorly reciting French love poetry. If I feel awkward staring into my own eyes while I read – in an awful, just absolutely terrible French accent – love poems, I look into the eyes of a photograph of myself instead.
So far we have discussed the basic types of hosting, development of a security plan, and SSL security certificates. In the next and final installment, we will focus specifically on passwords since they comprise such a large part of security. Today we will go over backups, vulnerability scanning, updates, payment gateways, and balance.
Improve Your E-commerce Security – more methods
According to Preet Sandhu, writing for IT Security Column, making regular backups of the site is crucial, and they should run on a fixed schedule that doesn't slip. Preet notes that for many small businesses once a week is sufficient, but the right frequency depends on the size of your company and how much traffic and how many orders pass through each day: whatever you are prepared to lose between the last backup and an incident is, in practice, your backup interval.
Backing up is not just about storing your data in a secondary location, and a copy that sits on the same server (or in the same hosting account) as the site is no protection against the events you are planning for. You also need backup courses of action. What will you do if someone hacks your server? What will you do if the server is destroyed by a natural disaster or other physical accident? And have you actually restored from one of your backups, rather than only created it?
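The routine below is an added example, not code from the original article or from any hosting provider: it packages a site directory, records a SHA-256 checksum beside the archive, and then proves the archive can be restored by extracting it to a scratch directory and comparing every file with the live copy. The sample site, the backup location (a local path, which in practice should be a separate machine or offsite store) and the corruption step in `demo()` are all constructed for illustration.

```python
"""Added example, not from the original article: back up a site directory,
record a checksum, and prove the archive can be restored.
Everything runs under a temporary directory, so it is safe to execute offline.
"""
import hashlib
import tarfile
import tempfile
import time
from pathlib import Path


def sha256_of(path):
    """Hex SHA-256 of a file, read in chunks so large archives fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def make_backup(site_dir, backup_dir):
    """Write backup_dir/site-<UTC stamp>.tar.gz and a .sha256 sidecar file.

    Returns (archive_path, digest). Assumption for the example: backup_dir is a
    local path; in production it should be somewhere other than the web server."""
    site_dir, backup_dir = Path(site_dir), Path(backup_dir)
    backup_dir.mkdir(parents=True, exist_ok=True)
    stamp = time.strftime("%Y%m%d-%H%M%S", time.gmtime())
    archive = backup_dir / f"site-{stamp}.tar.gz"
    with tarfile.open(archive, "w:gz") as tar:
        tar.add(site_dir, arcname="site")
    digest = sha256_of(archive)
    Path(str(archive) + ".sha256").write_text(f"{digest}  {archive.name}\n")
    return archive, digest


def verify_backup(archive):
    """Recompute the archive checksum and compare it with the recorded one."""
    archive = Path(archive)
    recorded = Path(str(archive) + ".sha256").read_text().split()[0]
    return sha256_of(archive) == recorded


def _safe_extract(tar, dest):
    """Extract while refusing members that would escape dest (e.g. '../etc')."""
    dest = Path(dest).resolve()
    for member in tar.getmembers():
        target = (dest / member.name).resolve()
        if target != dest and dest not in target.parents:
            raise ValueError(f"unsafe path in archive: {member.name}")
    tar.extractall(dest)


def restore_matches(archive, site_dir):
    """Restore into a scratch directory and compare every file with the live
    site. This check is what turns 'we have backups' into a recovery plan."""
    site_dir = Path(site_dir)
    with tempfile.TemporaryDirectory() as scratch:
        with tarfile.open(archive, "r:gz") as tar:
            _safe_extract(tar, scratch)
        restored = Path(scratch) / "site"
        live = sorted(p.relative_to(site_dir) for p in site_dir.rglob("*") if p.is_file())
        back = sorted(p.relative_to(restored) for p in restored.rglob("*") if p.is_file())
        if live != back:
            return False
        return all(sha256_of(site_dir / r) == sha256_of(restored / r) for r in live)


def demo():
    """Constructed sample site: back it up, verify, test the restore, then
    corrupt the archive and confirm the checksum catches it. Returns three bools."""
    with tempfile.TemporaryDirectory() as root:
        site = Path(root) / "htdocs"
        (site / "config").mkdir(parents=True)
        (site / "index.php").write_text("<?php echo 'shop'; ?>\n")
        (site / "config" / "db.ini").write_text("host=localhost\n")
        archive, _ = make_backup(site, Path(root) / "backups")
        checksum_ok = verify_backup(archive)
        restore_ok = restore_matches(archive, site)
        data = bytearray(archive.read_bytes())
        data[-1] ^= 0xFF                      # simulate corruption in transit
        archive.write_bytes(bytes(data))
        corruption_caught = not verify_backup(archive)
        return checksum_ok, restore_ok, corruption_caught


if __name__ == "__main__":
    print(demo())
```

Run it on a cron schedule that matches the interval you decided on above, and keep the `.sha256` sidecar with the archive wherever it is shipped; the restore comparison is the step most shops skip, and it is the one that tells you whether the backup is worth anything.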
Paul Desmond, writing for TechRepublic, interviewed the META Security Group’s Patrick McBride for his top e-commerce security principles. One of his pieces of advice was to scan for vulnerabilities after you make any change to your system, including reconfigurations of any sort, since what was intended on paper is often not what ended up on the server. Examples of vulnerability scanners are those produced by Internet Security Systems and Network Associates. They look for typical configuration errors.
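To make "scan after every change" concrete, here is an added example that is not from the article and is not any vendor's scanner: it fingerprints the web server configuration so a scan is triggered by an actual change, and checks an Apache httpd-style config for a handful of the typical misconfigurations such tools flag (version banners, directory listing, a wide-open `<Directory />`, and legacy SSL/TLS versions). The rule set, the weak sample config and the hardened one are all constructed here and are a tiny fraction of a real scanner's coverage.

```python
"""Added example, not from the original article or any named vendor's
product: a small post-change configuration scanner for httpd-style configs.
The rule set and both sample configs are constructed for illustration.
"""
import hashlib

WEAK_PROTOCOLS = {"SSLv3", "TLSv1", "TLSv1.1"}
ALL_PROTOCOLS = WEAK_PROTOCOLS | {"TLSv1.2", "TLSv1.3"}   # what 'all' expands to in httpd 2.4


def enabled_ssl_protocols(tokens):
    """Resolve an SSLProtocol argument list such as 'all -SSLv3 +TLSv1.2'
    into the set of protocol versions it leaves enabled."""
    enabled = set()
    for tok in tokens:
        low = tok.lower()
        if low == "all":
            enabled |= ALL_PROTOCOLS
        elif low == "-all":
            enabled.clear()
        elif tok.startswith("-"):
            enabled.discard(tok[1:])
        else:
            enabled.add(tok.lstrip("+"))
    return enabled


def scan_config(text):
    """Return findings as (line_no, rule_id, message) for httpd-style text."""
    findings = []
    in_root_dir = False          # inside <Directory /> ... </Directory>
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        low = line.lower()
        if low.startswith("<directory"):
            path = line[len("<Directory"):].strip().rstrip(">").strip().strip('"')
            in_root_dir = (path == "/")
            continue
        if low.startswith("</directory"):
            in_root_dir = False
            continue
        tokens = line.split()
        directive, args = tokens[0].lower(), tokens[1:]
        if directive == "servertokens" and args and args[0].lower() not in ("prod", "productonly"):
            findings.append((n, "SERVER-TOKENS", f"ServerTokens {args[0]} leaks version details"))
        elif directive == "serversignature" and args and args[0].lower() != "off":
            findings.append((n, "SERVER-SIGNATURE", "ServerSignature should be Off"))
        elif directive == "options" and any(
                a.lstrip("+").lower() == "indexes" for a in args if not a.startswith("-")):
            findings.append((n, "DIR-LISTING", "directory listing enabled (Options Indexes)"))
        elif directive == "require" and in_root_dir and [a.lower() for a in args] == ["all", "granted"]:
            findings.append((n, "ROOT-GRANTED", "<Directory /> grants access to the whole filesystem"))
        elif directive == "sslprotocol":
            weak = sorted(enabled_ssl_protocols(args) & WEAK_PROTOCOLS)
            if weak:
                findings.append((n, "WEAK-TLS", "SSLProtocol still enables " + ", ".join(weak)))
    return findings


def config_fingerprint(text):
    """Stable identity for a config version; store it with the last scan result."""
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


def scan_if_changed(text, last_fingerprint):
    """Scan only when the config differs from the version scanned last time.
    Returns (fingerprint, findings), or (fingerprint, None) if unchanged."""
    fp = config_fingerprint(text)
    if fp == last_fingerprint:
        return fp, None
    return fp, scan_config(text)


# Constructed sample configs, not taken from any real server.
SAMPLE_CONF = """\
# before: typical mistakes
ServerTokens Full
ServerSignature On
<Directory />
    Options Indexes FollowSymLinks
    AllowOverride None
    Require all granted
</Directory>
<Directory "/var/www/shop">
    Options -Indexes +FollowSymLinks
    Require all granted
</Directory>
SSLProtocol all -SSLv3
SSLEngine on
"""

HARDENED_CONF = """\
# after: the same config with the findings fixed
ServerTokens Prod
ServerSignature Off
<Directory />
    Options -Indexes -FollowSymLinks
    AllowOverride None
    Require all denied
</Directory>
<Directory "/var/www/shop">
    Options -Indexes
    Require all granted
</Directory>
SSLProtocol -all +TLSv1.2 +TLSv1.3
SSLEngine on
"""

if __name__ == "__main__":
    for f in scan_config(SAMPLE_CONF):
        print(f)
    print("hardened findings:", scan_config(HARDENED_CONF))
```

Hooking `scan_if_changed` to a deploy step or a nightly job means a reconfiguration cannot quietly go live unscanned, which is the point McBride is making; the fingerprint also gives you a record of which config version each scan result belongs to.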
A typical error made in personal security is to not grow a long and thick mustache. This advice is essential both for women and men. Not only will people be less likely to harass you, but you will be able to stroke it whenever you start to have a panic attack. Make sure that your mustache feels secure as well. Put a warm blanket on it at bedtime and try as hard as you can (for at least 10 minutes) to kiss it goodnight.
Preet also underscores the necessity of installing any updates as soon as they’re released. When vendors release updates, they are usually closing holes that would allow an intruder to exploit your server, and once a patch is public, attackers can read it as easily as you can. As Preet notes, “There is no better way to leave your ecommerce site vulnerable to attack than by neglecting it.” You can bolster your security by scheduling regular maintenance, checking all your server’s parameters, and ensuring that any updates are installed promptly and correctly (including those of your e-commerce software). In practice, "correctly" means applying the update to a staging copy first and confirming the site still works before it touches production.
Similarly, don’t neglect yourself. When is the last time, for instance, that you took yourself out for a nice, quiet, candlelit dinner? When is the last time that you bought yourself flowers or dedicated a Michael Bolton song to yourself at a local karaoke bar before belting it out in a high-pitched, off-key love ballad of pain? Answer: Too long.
Here is one aspect of security that often goes unnoticed: your site is made up of a number of component pieces, and every one of those pieces needs to be secure, because an attacker only needs the weakest of them. In other words, no single fix can protect your site. Your choice of payment gateway, for example, affects your security. Preet recommends PayPal or Google Checkout (the latter has since been discontinued). If you use a smaller company, check its security carefully: whether it is PCI DSS compliant, and whether card numbers ever touch your own server or are handled entirely on the gateway’s hosted page, which keeps that data out of your systems altogether.
Paul Desmond, again citing Patrick McBride, states that the system should not be set up to sound a warning bell every time something “might” be going wrong. McBride notes that in major metropolitan areas no one turns her head toward a car alarm (except, perhaps, in annoyance). An alert that fires on every stray event trains the people watching it to ignore it, and kneejerk reactions to each one can quickly make the whole system ineffective. Essentially what McBride means is that striking a balance is necessary: alert on patterns that actually warrant a response, and tune the rest down.
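The difference between a car alarm and a useful alert is easiest to see in code. The following is an added example, not from the article or from any named product: it runs two detectors over a handful of constructed login-log lines. The "naive" one raises an alert on every failed login; the thresholded one alerts only when one source accumulates a burst of failures inside a short window, and then stays quiet for a cooldown period so the same attack does not page anyone nine times. The log format, thresholds and addresses are assumptions for the example.

```python
"""Added example, not from the original article: alert-fatigue avoidance.
Compares 'alert on everything' with a windowed, cooldown-limited detector
over constructed sample log lines (format and values are assumptions)."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed log format for the example: "<ISO time> <outcome> user=<u> src=<ip>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<outcome>LOGIN_FAIL|LOGIN_OK) user=(?P<user>\S+) src=(?P<src>\S+)$")

# Constructed sample: one typo by alice, a burst against admin accounts from one
# address, and one isolated failure from bob.
SAMPLE_LOG = """\
2024-03-01T10:00:01 LOGIN_FAIL user=alice src=203.0.113.7
2024-03-01T10:00:05 LOGIN_OK user=alice src=203.0.113.7
2024-03-01T10:01:00 LOGIN_FAIL user=admin src=198.51.100.9
2024-03-01T10:01:02 LOGIN_FAIL user=admin src=198.51.100.9
2024-03-01T10:01:04 LOGIN_FAIL user=root src=198.51.100.9
2024-03-01T10:01:06 LOGIN_FAIL user=admin src=198.51.100.9
2024-03-01T10:01:08 LOGIN_FAIL user=admin src=198.51.100.9
2024-03-01T10:01:10 LOGIN_FAIL user=admin src=198.51.100.9
2024-03-01T10:01:12 LOGIN_FAIL user=admin src=198.51.100.9
2024-03-01T10:20:00 LOGIN_FAIL user=bob src=192.0.2.33
"""


def parse(line):
    """Turn one log line into a dict, or None if it does not match the format."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {"ts": datetime.fromisoformat(m["ts"]), "outcome": m["outcome"],
            "user": m["user"], "src": m["src"]}


def naive_alerts(lines):
    """'Car alarm' mode: every failed login becomes an alert."""
    return [e for e in map(parse, lines) if e and e["outcome"] == "LOGIN_FAIL"]


def thresholded_alerts(lines, threshold=5, window_s=60, cooldown_s=300):
    """Alert when one source has >= threshold failures within window_s seconds,
    then suppress further alerts for that source for cooldown_s seconds."""
    window, cooldown = timedelta(seconds=window_s), timedelta(seconds=cooldown_s)
    recent = defaultdict(deque)      # src -> timestamps of failures inside the window
    last_alert = {}                  # src -> time of the last alert raised for it
    alerts = []
    for e in map(parse, lines):
        if not e or e["outcome"] != "LOGIN_FAIL":
            continue
        q = recent[e["src"]]
        q.append(e["ts"])
        while q and e["ts"] - q[0] > window:   # drop failures older than the window
            q.popleft()
        if len(q) >= threshold:
            last = last_alert.get(e["src"])
            if last is None or e["ts"] - last >= cooldown:
                alerts.append({"src": e["src"], "at": e["ts"], "failures": len(q)})
                last_alert[e["src"]] = e["ts"]
    return alerts


if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    print("naive alerts:", len(naive_alerts(lines)))
    for a in thresholded_alerts(lines):
        print("thresholded alert:", a)
```

On the sample data the naive detector raises nine alerts, seven of them for the same attack; the thresholded one raises exactly one, at the fifth failure from the attacking address, which is the one an operator will actually look at. Tune the threshold and window against your own login volume rather than copying the numbers here.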
Paul Donfried of Identrus expressed similar sentiments to Paul Desmond. He mentioned passwords: you don’t want password policies excessively loose, “but you can’t go too far or users will end up writing passwords down.” Balance, then, is crucial to people understanding the policies and following them appropriately.
Balance is also necessary in self-love, especially when you are having an open, respectful, and engaged debate between each of your multiple personalities. Make sure that each one is heard, so that all of them (even the incoherent lunatic and the wailing infant) are able to put their hands on the steering wheel of your life for at least a few hours each week.
Conclusion & Continuation
To rehash what we discussed today, you want to make sure backups occur frequently and that you have backup plans in place for disasters. Vulnerability scanning should be used, and updates should be installed quickly. Payment gateways should be credible and secure, and a balance should be struck so that policies are taken seriously. In the final installment, we will look specifically at passwords.
As discussed in part 1, if you’re looking for a secure hosting solution, the best way to go is our VPS or dedicated packages. If you need to cut costs and use a shared service, implement as many of these techniques as possible to safeguard your site.
By Kent Roberts