"85% of retailers think that online sales will increase this holiday season compared to last, and 61% expect higher engagement and/or purchasing through social media channels due to COVID-19" (Bazaarvoice)
An "attack surface" is all the ways a hacker could potentially abuse your store. For a self-hosted online store, that includes your software (WordPress) and all the themes and plugins you use to build the store and add functionality. To reduce your attack surface, ask yourself these questions whenever you consider adding or expanding software:
Do I really need this?
Does the vendor for this have a plan if a vulnerability is disclosed?
Are these developers prioritizing security?
Do YOU have a plan to monitor and apply updates as they are released?
With an online store, securing online payments and protecting cardholder details are essential. Victor recommends paying attention to the kind of sensitive information you're collecting, who has access to it and how access events are recorded, use of HTTPS, proper storage and monitoring of cardholder data, PCI compliance and GDPR laws, and website change logs. Failing to handle these things properly can cost you a lot between fines and lost business.
Even if you're proactive about security, you'll still need a Disaster Recovery Plan to account for worst case scenarios. Key steps in a Disaster Recovery Plan are:
Know whom to contact to remediate immediately if compromised.
Recover by informing your customers in a timely fashion, and execute backups if needed.
Review your existing security strategy to identify improvements.
Make changes to continue to minimize your risk and exposure.
A little about Victor
Victor Santoyo is Sucuri’s Senior Account Executive who joined in 2015. Victor’s main responsibilities over nine years have included helping agencies, web professionals, and businesses of all sizes secure their web properties. When Victor isn’t onboarding new partners, you might find him going out for long runs or watching sports with his family.