Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.
The Confident SMB

E-Commerce sales to top $1.29 trillion: Is your small business website protected?

Created: 04 Jun 2013 • Translations available: 日本語
Tom Powledge's picture
+2 2 Votes
Login to vote

Here’s a number worth thinking about: According to estimates by research firm eMarketer, Inc., global e-commerce sales are expected to grow 18.3 percent to $1.298 trillion this year (Source: eMarketer, Jan 2013). So, what does this mean for you?

Every business, no matter the size, has an opportunity when it comes to e-commerce – it’s not just large retailers, though they do account for the biggest slice of the gigantic pie. As a small business you need to use the Web to attract, find, communicate, service and sell to your customers. It’s a cornerstone of staying competitive and essential if you’re keen to grow.

It may seem simple to open an e-commerce business or add e-commerce to your website. But, many business owners rush in and don’t take the time to lay the proper groundwork before they go live. It takes more than search engine optimization, compelling copy and good website design to find and keep your customers. The most important part of building customer relationships is establishing “online trust” while protecting your business and brand reputation.

The Internet is full of malicious websites that look legitimate, but aren’t. These sites steal information when would-be customers try to register or make payments. The problem goes beyond spoofed websites – last year Web-based attacks increased by 30 percent and many of these attacks originated from the compromised websites of small businesses. Cybercriminals hijack these websites, and then lay in wait for their targets to visit so that they can infect them. This type of attack, called a “watering hole,” is another way attackers leverage the weak security of small businesses to defeat the strong security of larger customers and partners – one such attack targeted and infected 500 organizations in a single day.

Another emerging Web attack takes the form of malvertising where a legitimate website serves infected advertisements. This legitimate online business does not realize it has been compromised and is unaware that the bad ads are silently infecting their users. This type of dynamically created malware is undetected by antivirus and can only be found through scanning software like Symantec’s AdVantage and vulnerability assessment scans.

Whether you’re a dentist booking appointments, a manufacturer selling products or a community bank offering credit cards, customers need to be confident that they can trust you with their personal information. When they visit your website, they expect to be safe. Even if customers are not conducting a monetary transaction on your website, they need to trust that your website is free of malware and that you are who you say you are.

Here’s what you need to consider to safeguard your website and your customers:

  • Use SSL certificates: SSL certificates authenticate the identity of your business and show customers that your site is secure by displaying “https” in their address bar. SSL enables encryption, which means that the sensitive information, such as online registration and transactions, exchanged via the website cannot be intercepted and read by anyone other than the intended recipient. It’s important to keep up-to-date 2048-bit SSL certificates because expired certificates trigger credibility-damaging warnings in the Web browsers of customers or potential customers.
  • Regularly scan your site for malware and vulnerabilities: Both browsers and search engines require website owners to prove their sites are not infected with malware. Automated malware scans that check your site daily and warn you of possible infections help reduce malware risk and preserve your good name. Left undetected, malware can lead to search engine warnings and blacklisting, redirect customers to malicious websites and damage your customers’ computers. You should also monitor for vulnerabilities that cybercriminals could use as an unlocked back door to your site.
  • Upgrade to Extended Validation SSL:  It needs to be easy for customers to definitively know who they are doing business with online. Extended Validation SSL (EV SSL) turns part of the browser address bar green, showing that the website (and, by extension, the company behind it) is legitimate. This visual cue provides immediate verification and increases consumer confidence so your customers know that you are who you say you are and not somebody pretending to be you in order to steal their personal information.
  • Display trust marks: Consumers do not always know who is behind a website they are visiting and need verification that it is run by a legitimate business. Trust marks displayed in search results can increase traffic to your site by inspiring confidence in its security. Trust marks on your website increase visitor confidence and encourage transactions. You should look for seals that are not just static images (which are often inauthentic), but dynamically link to real-time tracking of which company bought the seal and which Certificate Authority (CA) issued it.
  • Provide a security and privacy explanation page: By talking about security and privacy, you let your customers know that you take it seriously. Answer the questions of the safety conscious before they ask them and educate those who are less informed about what the security signs on your site mean for them.
  • Keep your server and data center security software up-to-date: If your server software is outdated then it’s not secure and neither is your website. Be sure to install all patches and upgrades for your server software, including content management software and database, as soon as they become available, just as you would on your company PCs. With the right level of security technology in place, new vulnerabilities will be identified quickly and patches can be deployed without delay.

Proper website security is a necessary and value-added service that you bring to your customers. Small businesses that neglect to secure their websites are particularly vulnerable to attackers. Even if no financial information or sensitive data is lost, an attack, or more significantly an outage, can disable an online business for weeks, infect visitor’s devices, or worse, damage the online trust and brand. To claim the profits of the e-commerce pie, small businesses first and foremost must establish trust in their websites. They need to execute advanced security technologies and policies to keep their website safe and secure in order to increase traffic, sales conversions and e-commerce transactions for their company growth.

Blog Entry Filed Under: