10 Ways to Protect Your Online Business | Tory Burch Foundation

Operate my business

10 Ways to Protect Your Online Business

Protect your business’ and your customers’ information.

Link copied to clipboard

Cybersecurity can be a challenge for small businesses everywhere. Follow these guidelines to minimize risk and keep your business and customers safe.

1. ONLY KEEP THE DATA NEEDED TO COMPLETE THE TRANSACTION.

Use a trusted integration that encrypts and stores credit card information. This will also prevent you from being responsible for a breach or leak of any sensitive data.

Take Action:

Use a trusted program like Authorize.net, Stripe or Paypal to protect and secure customer information.

2. IF YOU ACCEPT CREDIT CARDS, STAY COMPLIANT WITH INDUSTRY REGULATIONS.

Staying compliant will not only protect you from fines in case something goes wrong, but studies show that compliant companies have fewer breaches because they are more prepared and have thought through their security.

Take Action:

Familiarize yourself with the Payment Card Industry Data Security Standard, or PCI DSS. PCI DSS compliance is required for any organization that handles credit card information. 

3. MAKE SURE YOUR WEBSITE AND ITS DATA ARE SECURE.

TLS and SSL certificates are the standards for keeping your website and data secure. Certification is needed in order to use HTTPS, a process that provides encryption, data integrity and authentication ensuring that search engines don’t block your website for not being secure.

Take Action:

Learn how to upgrade to HTTPS, if you haven’t already, and how it can benefit you.

4. TRAIN STAFF TO RECOGNIZE PHISHING AND BUSINESS EMAIL COMPROMISE (BEC) ATTACKS, AS WELL AS WHAT TO DO WHEN THEY OCCUR.

Phishing is an email that tries to get someone to hand over their login credentials, personal information, or credit card information. BEC attacks are where a hacker uses a corporate email to impersonate the owner of the organization in order to defraud the company, its customers, partners, employees, etc.

Take Action:

Learn to identify the signs of a phishing email and the signs of BEC.

5. USE STRONG UNIQUE PASSWORDS WITH TWO-FACTOR AUTHENTICATION (2FA).

Change passwords every 3-6 months, do not reuse passwords, and always change them after a breach. Keeping accounts secure can help prevent fraud and save you money, time, and reputation – as well as help to create a stronger relationship with your clients.

Take Action:

If keeping a variety of long passwords seems daunting, utilize a trusted password manager such as LastPass or Dashlane. This way, you have to remember one unique password and can create strong, unique passwords for all of your accounts.

6. ONLY USE TRUSTED AND PROVEN ECOMMERCE PLATFORMS THAN ENSURE TRANSACTIONS AND DATA REMAIN SECURE.

Make sure any third-party vendors are carefully selected and fully vetted, especially those who will have access to private data or to your website.

Take Action:

Check reviews and feedback about eCommerce platforms before selecting or installing them. Look for any issues regarding breaches, data loss, or other complaints that could affect the security of your or your customer’s data. 

7. USE A FIREWALL, ANTIVIRUS, AND OTHER TOOLS THAT CHECK FOR UNUSUAL LOGIN ATTEMPTS OR QUESTIONABLE ACTIVITY.

Firewalls help prevent malicious activity from infiltrating your network. Antivirus software provides added backup to your system as well as scanning your system should you suspect something may have gotten through.

Take Action:

Compare firewall options.

8. CONDUCT WEEKLY SECURITY AUDITS TO MAKE SURE THE LATEST SECURITY PATCHES ARE INSTALLED.

This includes all extensions and applications on your site and web servers. Don’t ignore prompts to install any software updates. These updates protect you from known vulnerabilities and zero-day attacks.

Take Action:

Inform yourself on why patches and updates are important and learn how to check for patches for your Windows and MAC OS.

9. BACKUP YOUR DATA AND KEEP A COPY IN A SAFE LOCATION.

Backing up your data allows you to recover all the information from an event such as power outage or ransomware. Make sure to test your backup regularly to make sure it is working as planned and that data can be recovered expediently.

Take Action:

It is important to store data in another location or device in case of damage to your primary storage or device theft. Data can be backed up on an external hard drive or with a cloud solution.

10. CREATE AN EMERGENCY PLAN AND KNOW WHO TO CONTACT IN CASE SOMETHING GOES WRONG.

It should cover events such as a cyberattack, stolen or lost devices. An incident response plan is a set of instructions to help IT staff and employees detect, respond, and recover from security incidents.

Take Action: Create an incident response plan for your business.

Timely Topics

What to Read Now

Create an Operations Blueprint

58 min watch

Create an Operations Blueprint

Chart your path forward

Watch Video
Make Entrepreneurship Your Own

58 min watch

Make Entrepreneurship Your Own

Choose your path as a founder based on goals.

Watch Video
Unlocking AI’s Business Potential

59 min watch

Unlocking AI’s Business Potential

Learn how to leverage the AI already embedded in your operations and discover new tools to help your business scale

Watch Video
Rewrite Your Money Story to Grow Your Business

5 min read

Rewrite Your Money Story to Grow Your Business

Understanding the relationship between your personal and business finances.

Read Article
Social Impact Marketing, the Right Way

7 min read

Social Impact Marketing, the Right Way

How to highlight your company's values and purpose, address missteps and more.

Read Article
Intellectual Property for Small Businesses

5 min read

Intellectual Property for Small Businesses

Why trademarks, patents and copyrights should be part of your strategy.

Read Article