Large or small, no online business is safe from internet fraud.
From a tarnished reputation to losing customers and potentially paying millions of dollars in fines, the damage caused from an online data breach can be insurmountable for a business. With the risk of security breaches and cyber-attacks steadily rising, online businesses must have a comprehensive security strategy in place to protect confidential customer data from ruthless hackers.
New statistics show that 2017 has already had an enormous increase in data breaches, rising by 13 percent in the first half of the year. (Quatro Processing)
Christmas Eve will be the peak day for fraud attempts, accounting for 2.5% of all fraud for the year. – Forbes
The online retail industry will see a spike in transactions and could see a rise in data breaches with the holiday shopping season just weeks away. You can prevent hackers from using your business as the honeypot for customer information by implementing these security measures to protect your business and customers.
Three Tips to Help Protect Private Data
Strong Passwords
Security experts have stressed the need for strong passwords for years. Businesses should encourage employees to implement strong passwords for all business-related accounts to prevent a data breach and to secure private customer data.
Using the same or similar password for multiple accounts can leave personal data extremely vulnerable to an attack. In other words, if an attacker knows one of your passwords, it is likely they will try that password and variations of it for multiple accounts. The most common attack our merchants experience occurs when the same password is used for their WordPress, Miva, FTP, and email accounts. If WordPress is hacked with Malware, it is not uncommon for related accounts using the same or similar password to be hacked as well.
For the highest level of security, it is suggested that passwords should be at least eight characters long, contain a mixture of upper and lower-case letters, numbers and symbols. It is also recommended to change passwords at least every 90 days and use an automatic password generator to create new passwords.
Tip: Increase password security for customers by adjusting the settings within the Miva admin.
User Roles + Privileges
User roles and privileges can control the amount of access a person has to specific information within a database. Businesses can leverage user roles to manage data accessibility to employees. Keep private data safe by limiting private information to employees and assigning specific user roles to their company accounts.
As a best practice, all admin users should default to an ordinary user, with the least amount of access. If employees don’t need decrypted credit card data, they should not have access to it. Remember, it’s better to have to grant further access than take it away because someone abused their user privileges.
Miva offers three types of admin users to merchants including Administrators, Managers, and Ordinary.
- Administrator | Access to all admin features in all of your stores.
- Manager | Access to all admin features in the store where they are the manager.
- Ordinary | Very limited access to admin features within specific stores.
Learn more about user settings within the Miva admin.
Two-Factor Authentication
You don’t always know if your password has been compromised until it’s too late. As a general rule of thumb, two locks are better than one. Two-factor authentication (2FA) is a more reliable method for adding a second layer of security to online accounts.
Two-factor authentication is not new technology; it’s been in use for more than 20 years. However, some businesses are new to adopting this security method. As more businesses implement 2FA, they are setting a new standard for how users log into online accounts. In fact, you may have already been using 2FA without even realizing it. Some examples of 2FA include:
- Using a PIN for ATM withdrawals
- Inputting a zip code to authorize a credit card transaction
- Answering secret questions upon login
- Verification codes being sent via email or text message
- Fingerprint readers
Merchants should have two-factor authentication set up that requires users to clear two levels of security in order to log into the Miva admin. While having two-factor authentication requires more of the user’s time, the slight convenience is a small price to pay for better-secured data.
How to implement Two-Factor Authentication into your Miva Store
Domain Settings > Password Settings > `Enable TOTP (Google Authenticator) Two-Factor Authentication`
Google Authenticator is a free app used to improve the security of online accounts by generating a one-time use, random code. The code will be used upon login, adding a second layer of security. Download Google Authenticator for iOS and Android.
Implementation: Watch Two-Factor Authentication Tutorial Video.
Taking these steps to ensure your private business and customer data is being protected with the highest level of security could save your business.
About The Author
Katy Ellquist
Katy Ellquist, Miva’s Digital Marketing Strategist, is an accomplished writer, marketer, and social media analyst who has created sophisticated content campaigns for a broad range of professional clients. She brings to Miva a complex understanding of ecommerce trends and techniques, building upon extensive digital agency experience and a prior role as direct liaison to Miva’s top accounts. Katy is a regular contributor to the Miva blog, covering essential ecommerce topics like design & development strategy, site optimization, and omnichannel selling, with the goal of increasing the actionable knowledgebase of the entire Miva community.
