By Chris Christoff, co-founder of MonsterInsights

E-commerce websites are more popular now than ever before. During Cyber Monday in 2019, online sales peaked at 9.4 billion dollars in one day, according to Adobe figures. It's hard to deny the wild success of shopping online, especially since we all can make purchases directly from our smartphones. 

But there's a problem. 

The increase in online shopping has led to hackers and scammers taking advantage of businesses that are not protected. Damage control in this situation can range from difficult to impossible. At best, you may have to load a backup of your website and figure out how your site was infiltrated.

The worst-case scenario is someone breaks in and hijacks your website and then steals all of your customer records. If this happens, you're going to have a hard time recovering from the financial loss and damage to your reputation. 

Global ransomware attacks are predicted to cost $20 billion in damage in 2021, per Cybersecurity Ventures’ “2019 Official Annual Cybercrime Report.” These three tips will help you lock down your website and significantly reduce the chances of a cyberattack.

Enable multifactor authentication.

We once fantasized that technology would make it to the point where passwords were obsolete. There's a chance we might make it to that point someday, but we are certainly not there today. For now, you should enable multifactor authentication for all of your employees and management. 

Multifactor authentication requires you to use two or more methods at the same time to log in. For example, you have to enter your password and then enter a code that is sent to your cellphone or email address. The extra step is designed to prevent a brute force attack, or stop a potential hacker who was able to steal company data on a public Wi-Fi network. 

The scammer might have the login information, but they don't have the cellphone for the second step of authentication. If the hacker cannot access the second login method, they can't enter the back end of your website, which effectively stops them in their tracks. 

Back up your website.

Website backups are the only way to feel confident that you'll be able to recover your business in the event of an attack. Some hackers break into a website and shut it down, just for the sake of causing stress to companies and customers. Other cybercriminals are looking for personal information that they can sell to the highest bidder. 

When your website falls victim to an attack, you have to shut it down to prevent compromising sensitive information and ruining your reputation. There are several ways to back up your website, including cloud-based solutions and manual backups. 

Both backup types have their benefits. For example, cloud backup programs can automatically save a copy of your website daily. In most cases, your information is stored across several secure networks so you can quickly access it and restore your site in case of an attack. Manual backups are great because you can keep a copy of your website with you at all times on a flash drive keychain or laptop hard drive. 

Don't keep sensitive user information on file. 

Hackers generally have two targets when they break into a website. The first thing they look for is information on consumers. If you keep credit card numbers of your customers on file, there's a good chance that cybercriminals will get their hands on this information if they make it past your security. The second target hackers go after is the business owner and employees, who all have sensitive information on their website as part of their jobs. 

It's hard to avoid keeping employee data and your banking information on your website, but you can protect your consumers. Make sure your payment fields are one-time entries, and scrub their payment information after their purchase goes through. Browsers like Google Chrome allow users to save their passwords and credit card information, which removes the need for you to have this feature on your checkout page. 

Scrubbing credit card data helps your customers, but it also benefits your e-commerce store. If you fall victim to an attack, you can rest easy that none of your consumers lost their personal information, which will help keep your reputation strong even after a cyberattack. 

There are plenty of ways to keep your e-commerce website safe in 2020. The three tips mentioned here will help you protect your website, employees and customers. The size of your business doesn't mean much to scammers. Small, medium and large companies are all at risk for cyberattacks, with small businesses suffering the most due to tight budgets.

As your business grows, don't forget to continue refining and adding new layers of protection to your cybersecurity plan.

Chris Christoff is the co-founder of MonsterInsights, the leading WordPress plugin for Google Analytics.

Published on: Jan 23, 2020
The opinions expressed here by Inc.com columnists are their own, not those of Inc.com.