4 Ways To Protect Your eCommerce Site This Holiday Season

Nov 07, 2013 By Sarah Vonnegut

It’s already a week into November and that means one thing: the holidays – and the mad rush that is holiday shopping – are fast approaching. With Cyber Monday numbers expected to be at an all-time high this year, it’s crucial for companies to get their ‘digital ducks’ in a row before the big rush begins.

A new report from the Ponemon Institute found that eCommerce retailers anticipate an average revenue boost of 55 percent on Cyber Monday and that just one hour of downtime would cost a company an average of almost $500,000. And it’s not just big businesses that get attacked; last year, a separate report found that nearly a third of all targeted attacks were directed at SMBs and organizations with fewer than 250 employees. After all, many hackers assume that smaller businesses don’t have the time, energy, or resources to prevent their attacks – but if you take control going into the holiday season, you can sharply cut down the risk by working in advance to protect your site and customers. There’s no need to be afraid – just preventative and vigilant.


1. Don’t Store Sensitive Records – And Purge The Information You Have Stored Now

Online retailers will be overloaded with customer data over the next few months, so it’s important to encrypt and store only what you need – and then get rid of everything else. A good rule is to keep only the data needed to refund customers and dispute chargebacks, and to remove all old data before Thanksgiving.

Complying with the PCI Data Security Standard, created to protect cardholder data, isn’t a hassle so much as a potential lifesaver for your business. The standards are there to protect not only your customers but your business as well, and compliance with them gives your customers a higher level of trust when making purchases from your site. The loyalty that comes with that trust creates a higher rate of return and word-of-mouth recommendations.

2. Require Strong Passwords

A look at the 20 most popular passwords from Adobe’s recent security breach shows that although most of us know we’re supposed to use complex passwords, we simply don’t – it’s a hassle, but one well worth your while. Using strong passwords on the sites you use personally is a great idea, but you should also enforce strong password requirements on your own site: at least 7-8 characters with numbers and uppercase letters. Hackers often use automated tools to ‘guess’ passwords, so the more complex the password, the lower the risk of a successful guess. Another way to protect yourself and your users from a password breach is to store passwords only as salted hashes rather than in any recoverable form, so that an attacker who steals the database cannot reverse them to the original passwords.
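As an added example (not code from the original post or from Checkmarx), here is how a site could enforce the password policy described above and store passwords as salted, iterated hashes instead of recoverable values. It assumes the stricter end of the post’s “7-8 characters” (8) and an assumed PBKDF2 iteration count; the sample passwords are constructed.

```python
import hashlib
import hmac
import os
import re
from typing import Optional

# Policy from the post: at least 7-8 characters with numbers and uppercase letters.
# We assume the stricter value (8) as the minimum length.
MIN_LENGTH = 8
# Assumed work factor; raise it over time as hardware gets faster.
PBKDF2_ITERATIONS = 200_000


def password_meets_policy(password: str) -> bool:
    """True if the password satisfies the minimum length and character-class rules."""
    return (
        len(password) >= MIN_LENGTH
        and re.search(r"[0-9]", password) is not None
        and re.search(r"[A-Z]", password) is not None
    )


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Derive a salted PBKDF2-HMAC-SHA256 hash; the salt and cost are stored with it."""
    if salt is None:
        salt = os.urandom(16)  # a fresh random salt per user defeats precomputed tables
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the hash from the stored salt and compare in constant time."""
    try:
        algorithm, iterations, salt_hex, digest_hex = stored.split("$")
    except ValueError:
        return False
    if algorithm != "pbkdf2_sha256":
        return False
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations)
    )
    # compare_digest avoids leaking how many leading bytes matched via timing
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))
```

Only the string returned by hash_password is stored in the user table; the plaintext password is never written anywhere.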

3. Use A Multi-Layered Defense

As experienced hackers already know, there are numerous ways to ‘skin the cat’ when it comes to stealing a website’s sensitive information. It’s your ‘job’ to increase the hacker’s “work factor” and make it more difficult to compromise your site’s security. While most companies do well protecting their network through a firewall and perimeter security, there are several other areas that also necessitate special attention, including application, host, and data security.

4. Patch Your Software & Keep It Up To Date

Chances are that your eCommerce site uses some software that was not written by you or your team. It’s vital to keep tabs on known issues in that software so that you can update and patch it as soon as a fix is available. Since you most likely don’t know what vulnerabilities exist in code you didn’t write, one of the key ways to prevent malicious attacks is keeping up to date with software security. The National Vulnerability Database is a great resource for information and news.


It’s important to keep in mind that steps like the ones listed above will never completely eliminate vulnerabilities on your eCommerce site. But they will make it much more difficult for a hacker to get what he or she is looking for, and a hacker who meets resistance is much more likely to move on to a less-secure target.

Sarah is in charge of social media and an editor and writer for the content team at Checkmarx. Her team sheds light on lesser-known AppSec issues and strives to launch content that will inspire, excite and teach security professionals about staying ahead of the hackers in an increasingly insecure world.
