The holidays are fast approaching, bringing a flood of online shopping. Cyber Monday alone is expected to bring in $9.4 billion this year. These trends prove the holiday season continues to be extremely lucrative for e-commerce businesses, and likely drives a high percentage of their annual revenue. It's critical that e-commerce businesses, especially smaller online retailers, take the proper security precautions to avoid putting their websites and customers at risk. 

If your e-commerce business suffers a security breach, any downtime incurred could significantly impact profits, as well as customer trust. Additionally, a security breach could put your customers' personally identifiable information (PII) in the hands of bad actors. According to recent data collected by my company SiteLock, 54 percent of online shoppers say they won't return to any online retailer after a security breach, while 66 percent of online shoppers wouldn't return to a small online retailer following a breach.

Given the ever-changing threat landscape, today's small online retailers need to proactively defend themselves against potential cyberattacks if they want to see strong holiday sales. Here are some important steps e-commerce retailers should take to protect themselves from security threats:

1. Follow PCI-compliant guidelines.

PCI compliance refers to the security standards businesses must follow to protect their customers' credit card data. By complying with PCI Security Standards Council guidelines, you can help secure your systems and your customers' data. You'll reduce the risk of fraud and identity theft for your customers while avoiding a hefty fine that might cost your company $100,000 or more.

2. Proactively scan for malware.

It's crucial to take steps to proactively protect your e-commerce site from malware. Investing in a malware scanner can help safeguard your company against cybercriminals. A malware scanner is a security solution that performs automatic scans of your site regularly to identify vulnerabilities, changed files, and blacklisting. The best scanners can also automatically remove any malware detected.

3. Use a Web application firewall (WAF) with a content delivery network (CDN).

A WAF monitors all incoming traffic to your website, blocks cyberattacks, and prevents malicious traffic from reaching your server. A CDN is made up of a group of servers that quickly and securely deliver content, resulting in faster website load times and a better experience for your customers. Having both of these in place is your best option, since the CDN speeds up your website while the WAF ensures that only legitimate traffic hits it.

4. Clean house regularly.

Be sure to review all your system and web applications on a regular basis to make sure they are updated. As an added security measure, you should remove any applications that you are no longer using. This will help keep all your business systems malware- and infection-free. Also, regularly scanning your website for weak entry points is crucial to ensure cybercriminals cannot gain unauthorized access to your site, especially through outdated applications. Vulnerability patching can automatically fix weaknesses found in outdated files in content management system (CMS) applications before they can be exploited.

5. Don't store it if you don't need it.

Always remember that cyber attackers can't steal what you don't have. For this reason, your company should remove any sensitive customer data such as credit card and bank account information that's not essential to your business. Even better, avoid storing this sensitive information in the first place to protect yourself and your customers from bad actors.

6. Reassure shoppers.

It's important to let customers know their personal and financial information is safe with your company. According to the same SiteLock research linked above, 66 percent of consumers are concerned about their personal data being stolen as a result of shopping online, and 48 percent of consumers do not believe smaller, lesser-known online retailers properly store their personal information online.

Small retailers can reassure shoppers that their information is secure on their website by displaying a security trust badge. This badge verifies the website has been tested regularly and been cleared for vulnerabilities and malware. Today, 79 percent of online shoppers expect to see a trust badge, according to SiteLock's research. Consumers also consider a secure payment process and a recognized security logo to be major confidence boosters. To reassure your customers that your e-commerce site is on a secure network, make sure HTTPS and the padlock symbol appear in your URL.

The holiday season is an extremely important time of year for small online retailers given the expectation of high traffic and sales volume. If you fail to take the necessary steps to sell securely, you risk facing consequences that could negatively impact both your bottom line and customer loyalty. Implementing these security practices is the single best step you can take to ensure your e-commerce business is successful and profitable this holiday season.

Published on: Nov 12, 2019
The opinions expressed here by Inc.com columnists are their own, not those of Inc.com.