As e-commerce continues to grow, so does the volume of personal information these companies collect and store. That puts many e-commerce businesses, especially smaller ones, at increased risk of cyberattacks, privacy breaches and other security threats.
To protect both their customers and their own reputation, e-commerce businesses need to implement strong cybersecurity protocols. Below, 15 members of the Forbes Technology Council give their recommendations. By taking these steps, e-commerce companies can better protect their customers' personal information and reduce the chance of a potentially devastating breach.
1. Implement privacy by design
“Privacy by design” means that you will not compromise the organization by collecting or processing data in a way that could result in a data breach. For example, data should be encrypted at rest and in transit, with the key for that data stored with the user. In this way, the processor does not have access to the data without the user being involved and agreeing to the transaction. – Michael Engle, 1Kosmos
2. Know and control your data
It comes down to knowing your data (customers, employees, secrets, finances, etc.) and being in control of your data (what do you do once you have identified them?). Any company that collects, processes and/or stores customer information must be able to understand the data it has – who it is, what it is and where it is – and take steps to protect it and at the same time to comply with legal regulations. – Dimitri Sirota, BigID
3. Focus on first-party data management
Ecommerce businesses should review how they create, manage, and own first-party data to ensure it’s protected and that they comply with local laws around the world. Continuing to focus on third-party data strategies or building data partnerships that put consumer data at risk should be frowned upon. – Bill Bruno, D4t4 Solutions
4. Practice data rationalization
The low-hanging fruit is data rationalization. Store only the data for which your company can define a value. You don’t need to back up data you don’t keep. For data that has a defined value, weigh that value against the cost of keeping it safe, the need for cyber insurance, and the cost of a breach. If the cost outweighs the value, delete it. – Joe Onisick, TransformationCONTINUUM
5. Think of cybersecurity as part of risk management
Businesses need to think of cybersecurity as risk management. It is crucial to create a plan for when they will be a target. When an organization begins to view cybersecurity as a risk management process, it will recognize the need for an established framework that constantly reviews the environment. Developing this framework for risk management around cybersecurity will go a long way. – Chris Schueler, Simeio
6. Buy access to or build secure infrastructure
The three questions e-commerce businesses need to ask themselves are: 1. do they need the data; 2. if they need the data, how do they store it (e.g., is it encrypted); and 3. how do they prevent malicious actors from accessing the data. For the third point, e-commerce companies need to use or build a secure infrastructure, either by subscribing to an external service or building it in-house. In our company we also have a team of QA analysts and regularly hire white hat hackers. – Greg Soh, RoadFlex
7. Store only business-critical data
E-commerce companies need to base their cybersecurity strategies on a comprehensive database, regularly re-evaluate the data they have, and continuously monitor their security posture over time. Storing and backing up only business-critical data and eliminating unnecessary data reduces risk, improves performance and reduces environmental impact. – Stephen Cavey, Ground Labs
8. Conduct regular PII audits
An intelligent cybersecurity strategy consists of three key steps: identifying what personal data applies to your organization, determining how that data is stored in encrypted form at rest, and reviewing how data is encrypted in transit. The strategy should include identifying an in-house subject matter expert who can lead this initiative, raising awareness of PII among employees, conducting regular audits, and optimizing to stay current. – Raja Epsilon, WrkSpot
9. Prepare an Incident Response Plan
An important cybersecurity protocol for e-commerce businesses is the implementation of secure data storage. This includes encrypting sensitive customer information, regular data backups and implementing strict access controls to prevent unauthorized access to the data. In addition, organizations should regularly monitor their systems for potential breaches and have incident response plans in place. – Satish Shetty, Codeproof Technologies Inc
10. Use encryption everywhere
Start with HTTPS inside your microservices and externally, which ensures that the transmitted data is encrypted. My typical guide is to keep the data encrypted at all times until it is ready to be analyzed or viewed. Rotate encryption keys routinely and don’t keep data forever—archive it if you must, using a different encryption key for each step. – Varun Singh, Daily
11. Use TLS and AES encryption strategies
Data encryption is an essential cybersecurity protocol for e-commerce businesses to protect customer data. It turns sensitive information into code to prevent unauthorized access. Encryption protects against cyberattacks and is a key component of a comprehensive cybersecurity strategy. Ecommerce businesses should use appropriate encryption methods such as TLS for online transactions or AES for data at rest. – Imane Adel, Paymob
12. Explore post-quantum cryptography
E-commerce businesses should encrypt sensitive data in transit and at rest, using NIST-awarded quantum-resistant cryptographic algorithms. Quantum-resistant algorithms and quantum-secure solutions prevent unauthorized access and data breaches. Post-quantum solutions ensure the security of encrypted data from quantum computing attacks and steal-now-decrypt-later attacks. – Tracy Levine, SonKsuru
13. Use proper key management
It is important to employ proper key management. The biggest problem companies face today is disclosure of personal data in case of compromise, and the reason is that everyone is focusing on encryption solutions. Most regulations state that critical data and/or personal data must be encrypted, which most companies do; however, they are silent about key management. – Eric Cole, Secure Anchor Consulting
14. Carefully protect access to production data
Invest in encryption in transit and at rest, especially for personal data (TLS/AES-256). Make sure only the right people have access to production data. Add a layer of application and/or database encryption and decryption for very sensitive data (like credit cards, social security numbers, etc.). – Sreenivasan Iyer, Antares Vision Group (RfXcel)
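Items 10, 11, 13 and 14 above all come back to the same design: AES for data at rest, an extra application-layer encryption step for the most sensitive columns, and key management and rotation as the part most regulations leave unspecified. The following Go program is an added illustration of how those pieces fit together; it is not code from any of the contributors or their companies. It uses envelope encryption with AES-256-GCM: each record's sensitive field is encrypted under its own data-encryption key (DEK), the DEK is stored only in wrapped form under a key-encryption key (KEK), and the KEK is rotated by re-wrapping the DEK without touching the stored ciphertext. The KEK is held in memory and the record IDs and card number are constructed sample values; in production the KEK would live in a KMS or HSM and the envelope would be the database column.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// Envelope is what would be stored in the database column: the DEK is kept
// only in wrapped form, next to the data it protects, together with the ID of
// the KEK that wrapped it. Nothing in here is usable without that KEK.
type Envelope struct {
	KEKID      string // which key-encryption key wrapped the DEK
	WrappedDEK []byte // nonce || AES-256-GCM(KEK, DEK)
	Ciphertext []byte // nonce || AES-256-GCM(DEK, plaintext)
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // 32-byte key selects AES-256
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// gcmSeal returns nonce||ciphertext. aad is authenticated but not encrypted;
// binding it to the record ID stops a ciphertext from being copied into
// another customer's row and still decrypting.
func gcmSeal(key, plaintext, aad []byte) ([]byte, error) {
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, plaintext, aad), nil
}

// gcmOpen reverses gcmSeal; any change to ciphertext or aad fails authentication.
func gcmOpen(key, blob, aad []byte) ([]byte, error) {
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(blob) < aead.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	return aead.Open(nil, blob[:aead.NonceSize()], blob[aead.NonceSize():], aad)
}

// Seal encrypts one sensitive field under a fresh per-record DEK and wraps
// that DEK under the current KEK (kek is an in-memory stand-in for a KMS key).
func Seal(kekID string, kek, plaintext, recordID []byte) (Envelope, error) {
	dek := newKey()
	ct, err := gcmSeal(dek, plaintext, recordID)
	if err != nil {
		return Envelope{}, err
	}
	wrapped, err := gcmSeal(kek, dek, []byte(kekID))
	if err != nil {
		return Envelope{}, err
	}
	return Envelope{KEKID: kekID, WrappedDEK: wrapped, Ciphertext: ct}, nil
}

// Open unwraps the DEK with the KEK named in the envelope and decrypts the field.
// keks maps KEK ID -> key material for every KEK still allowed to decrypt;
// a retired KEK is simply absent, so old envelopes stop opening.
func Open(keks map[string][]byte, env Envelope, recordID []byte) ([]byte, error) {
	kek, ok := keks[env.KEKID]
	if !ok {
		return nil, fmt.Errorf("KEK %q is retired or unknown", env.KEKID)
	}
	dek, err := gcmOpen(kek, env.WrappedDEK, []byte(env.KEKID))
	if err != nil {
		return nil, fmt.Errorf("unwrap DEK: %w", err)
	}
	return gcmOpen(dek, env.Ciphertext, recordID)
}

// Rotate re-wraps the DEK under a new KEK. The bulk ciphertext is untouched,
// so rotating the master key costs one 32-byte unwrap/rewrap per row rather
// than a re-encryption of every customer record.
func Rotate(keks map[string][]byte, env Envelope, newKEKID string, newKEK []byte) (Envelope, error) {
	oldKEK, ok := keks[env.KEKID]
	if !ok {
		return Envelope{}, fmt.Errorf("KEK %q is retired or unknown", env.KEKID)
	}
	dek, err := gcmOpen(oldKEK, env.WrappedDEK, []byte(env.KEKID))
	if err != nil {
		return Envelope{}, err
	}
	wrapped, err := gcmSeal(newKEK, dek, []byte(newKEKID))
	if err != nil {
		return Envelope{}, err
	}
	return Envelope{KEKID: newKEKID, WrappedDEK: wrapped, Ciphertext: env.Ciphertext}, nil
}

// newKey returns 32 random bytes (an AES-256 key).
func newKey() []byte {
	k := make([]byte, 32)
	if _, err := rand.Read(k); err != nil {
		panic(err)
	}
	return k
}

func main() {
	recordID := []byte("customer:1001") // constructed sample row
	pan := []byte("4111111111111111")   // test card number, not a real PAN
	keks := map[string][]byte{"kek-2024-q1": newKey()}

	env, _ := Seal("kek-2024-q1", keks["kek-2024-q1"], pan, recordID)
	got, err := Open(keks, env, recordID)
	fmt.Printf("current KEK: %s err=%v\n", got, err)

	_, err = Open(keks, env, []byte("customer:2002")) // moved to another row
	fmt.Println("wrong record ID:", err)

	newKEK := newKey()
	env, _ = Rotate(keks, env, "kek-2024-q2", newKEK)
	keks = map[string][]byte{"kek-2024-q2": newKEK} // retire the old KEK
	got, err = Open(keks, env, recordID)
	fmt.Printf("after rotation: %s err=%v\n", got, err)
}
```

The design point is the one item 13 makes: the ciphertext is only as safe as the KEK, so the KEK is what access control, audit logging and rotation should be built around, while the per-record DEKs never leave the process unwrapped. Because the record ID is passed as additional authenticated data, a breached copy of one customer's encrypted card number cannot be pasted into another row and decrypted there.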
15. Look for a robust data security tool
E-commerce companies process large amounts of sensitive data, such as personal data, which makes them attractive targets for criminals. In addition, the sheer volume of transactions and the use of different cloud platforms can create further vulnerabilities. That’s why they need a robust data security tool that provides a complete view of their entire data security posture, including data usage and access inventories. – Liat Hayun, Eureka Security