By Dr. Ashley T. Howes
20 October 2022


Is Your eCommerce Website Secure?

Having a secure ecommerce website is essential for an online business.

Taking steps to reduce the risk of your website getting hacked, and looking to make consistent improvements in your cyber security, are part of your business responsibilities for data protection / GDPR.

The problem is that it's still challenging in 2022 to understand this from a non-technical perspective and measure how secure an ecommerce website is.

To help you get a better understanding, here are some things to consider.

There's no Such Thing as a 100% Hacker Proof Website

No website is 100% hacker proof. There are steps you can take to reduce the risk, but the risk will never be zero.

Think of it like a lock on a bike. A lock will reduce the risk of your bike being stolen, but your bike may still be stolen.

Or think of protecting an old English castle. Castles were built with protection in mind - on raised ground, with moats, and with a drawbridge as the only way in, etc.

Adopting this mindset, you can get a better idea of what needs to be done and why.

Was the Website Built With Security In Mind?

Did the developer of the website build it with security in mind?

Did they follow best practice? Did they follow the OWASP Top 10 guidance or similar?

What about your hosting? Do they block bad requests with firewalls?

Have You Had The Security of Your Website Tested?

If your website was not built with security in mind, you should get it tested as soon as possible.

This can be done either by testing the website from the outside (as a black box) or by auditing / reviewing the actual code the website runs.

You should receive a detailed report after testing.

Ask for the report to have two sections: a management summary and a technical report.

The management summary is for the business director / owner. It should highlight at least the three worst issues in plain English, describing what each issue is, its severity and risk, and the consequences of not fixing it.

The management summary should also include a count based on the severity for all issues - for example 10 critical, 20 warning, 30 info.

The technical report should describe in detail each issue from a technical perspective and the steps needed to reproduce it.

The technical report will need to be forwarded to your website developer for them to review and advise costings for relevant issues.

How Often Are You Testing / Reviewing Your Website Security?

Security researchers are finding new vulnerabilities all the time.

It's very important your website is kept up to date, e.g. relevant components are updated, code tested, and changes made regularly to reflect best practice.

You need to determine how often this is done: weekly, monthly, or once a year?

Ideally, your web developer should be contacting you about this.

If they do, do you listen to your web developer's advice and allow them to action what they advise you to do? If not, why not?

If you don't understand why they want to do something, ask them to explain it in more detail in non-technical terms.


If you are looking for an ecommerce web developer in Norwich to create a new ecommerce website for your business, please get in touch.


Meet Our Founder

You will be working directly with the founder of our business - Dr Ashley T. Howes - who graduated from UEA with a Ph.D. in Computer Science and worked at a leading marketing agency in Norwich. He analyses your specific needs and uses his many years of experience to advise on the best approach to help your business succeed.
