Would you leave the front door of your store unlocked when you close up for the day? No, you wouldn’t! The same goes for your e-commerce website. While it’s less obvious to spot a threat online, hackers and fraudsters are an unfortunate reality in today’s digital world. 


South Africa in particular is an easy target, as many businesses have not yet invested in as strong cybersecurity measures as more developed countries. In fact, South Africa has the third highest rate of cybercrime victims worldwide


What does this mean for startups and small businesses? Website security is vital. Even if you don’t invest in the most elaborate security tools, the basics are necessary to ensure your website and your customer’s data are safe and secure.


If you’re not sure where to get started, here’s a basic website security checklist:


Install an SSL certificate


This is one of the first security tools to implement, as a website without a security certificate leaves your data vulnerable to interception. What is an SSL certificate? An SSL certificate installed on your website means that any data that passes between your website’s server and the end user is encrypted. Ultimately it means that all sensitive information, even if intercepted, cannot be deciphered and is safe from potential security threats.


How to get a website security certificate:


  1. Choose an SSL certificate that suits your website needs
  2. Depending on the security certificate you choose, you may need to provide proof that you own your domain name
  3. Your information will go through a verification process
  4. Your SSL certificate will be generated and added to your website


Keep on top of passwords


Changing your passwords every six months costs nothing and gives hackers less chance to get hold of existing passwords and information. From website user logins to email passwords, update your login credentials with a mix of capital letters, numbers, and special characters to reduce the chances of your passwords being figured out.


Require customers to create an account


While guest accounts are useful for one-time shoppers, requesting customers to create an account to save their personal details puts one extra barrier between them and attempted security threats. From bank account details to physical addresses, your e-commerce website could hold sensitive user information that must not be found.


Perform regular backups


Backing up your website data should be regularly scheduled into your calendar, or even set up automatically with your web hosting provider. If data is lost, or worse, your entire website is lost, you will be able to recover it almost instantly if the data is backed up and safely stored.


Use an anti-malware tool


Malware is software that has been created to cause damage to a website, a server, or an entire computer. Anti-malware tools not only remove malware on a platform but also scan and detect when malware is present, as a preventative method. This type of security tool will perform scans on a daily basis to reduce the risk of a malware attack.


Restrict permissions


Your website most likely holds valuable customer information and details. The fewer people with access to the back end of your website, the better. Limit your website logins to a select group of people you can trust, or if a larger number of people need access to the website, give them access only to what they really need to see. 


Integrate a secure payment gateway


Taking payments is a vital step in the e-commerce process. While consumers are a lot more familiar with the online payment process than in previous years, you still want to provide customers with a safe and simple process. Avoid sending customers to a separate website to complete payment, and integrate a third-party payment gateway into your checkout process. PayFast for example is a flexible and trusted South African solution.


Be aware of DDoS attacks


Also known as a denial-of-service attack, DDoS attacks occur when a website’s server is flooded with traffic and requests causing the system to slow down significantly or shut down. The website then becomes almost or entirely unavailable to end users. To protect your website against such an attack it is vital that you choose a reliable, local web hosting company that performs regular security checks in the background.


Do regular software updates


It’s all too easy to click the ‘later’ button when a software update notification pops up, but these updates are important to keep on top of the latest security threats. These updates are often designed in response to new threats, and ignoring them could mean you’re opening yourself up to be the latest victim. From updating plug-ins to your CMS, e-commerce software, and any other software your website might have, doing this simple process will keep your website constantly more secure.


In summary, here’s your website security checklist:


  1. Install an SSL certificate
  2. Regularly update passwords
  3. Request customer accounts
  4. Do regular data backups
  5. Use an anti-malware tool
  6. Limit user logins
  7. Integrate a secure payment gateway
  8. Be aware of DDoS attacks
  9. Accept software updates