As a business owner, you need to know about sales, marketing, supplier management, customer service—the list goes on. During the challenging conditions we’re all facing at the moment, the importance of online sales has grown. And this has brought with it many new demands, including the need to protect your e-commerce presence from cyberthreats.
Cyber security is a topic that fills many store owners with dread. It can be very technical and often sounds like a foreign language. That’s part of the reason why many put it off, often until after they’ve been hit and their reputation and customer loyalty damaged. Fortunately, there are ways to proactively improve the security of your store without stretching your time and expertise even further.
Data breaches are a big problem
In 2019, over 7,000 data breaches were reported. But the 15 billion records disclosed as a result of these notified incidents were probably just the tip of the iceberg. That number is likely to rise as mandatory disclosure laws become more widespread.
It’s easy to think that it just won’t happen to you, but the reality is that most businesses suffer multiple attacks. A survey of Nordic CEOs by KPMG found that 65% thought that, for their organisation, becoming a victim of a cyberattack is a case of “when” not “if”.
You don’t have to be a household name to be attacked. Despite what you might have seen in movies, few hackers carefully target their victims. The vast majority of cybersecurity attacks are opportunistic. Most cybercriminals don’t care who you are or what you do, as long as you have a vulnerability they can exploit.
The bottom line is that protecting your customers’ data is critical. But many businesses don’t understand how to do it well.
In its 2019 Payment Security Report, Verizon found that 37% of companies fell out of compliance between annual PCI DSS audits.
Data protection is a 24×365 job
Your online store is open all hours. Customers can place orders all through the night, and even when you’re on holiday. But that means that your store can be attacked around the clock too. As even the most savvy, well-prepared companies will tell you, no matter how well you protect your customers’ data, it’s not enough. Being able to detect attacks and respond to them quickly is vital to mitigating the damage. You need to get cybersecurity right 24×365. Hackers only need to get it right once.
There are industry regulations, like the Payment Card Industry Data Security Standard (PCI DSS) and the General Data Protection Regulation (GDPR), that provide guidance. But certification doesn’t mean you’re secure. It isn’t a “green light” for you to put your feet up.
Compliance doesn’t equal security. No compliance standard covers every single thing that could go wrong. And a compliance audit typically only checks a subset of devices and processes. A certificate simply means that no evidence was found that you weren’t compliant on a certain day. Think of it like learning to drive: passing your test doesn’t mean you’re a great driver, or even that your instructor would approve of how you drive every time you’re behind the wheel.
But there is some good news. There are ways to cut down on what you need to worry about.
You don’t have to do it alone
Choosing the right cyber security partners will reduce the burden on you and let you get on with what you do best: running your business. There are experts that can help you secure all aspects of your online store—from the server it’s hosted on, through to the e-commerce platform you use, and how you process payments:
- If you’re looking after your own server, you should consider a managed option like hosting your store in the cloud. Look for a vendor with a good reputation for ensuring the security of its servers and connections.
- If you use a Software as a Service (SaaS) platform, like Shopify, it will look after most of the security of your store. Open-source platforms like Magento require more effort. But there are companies who will take care of most of it for you—they’ll install patches promptly, monitor for security issues and apply fixes.
- If you choose a payments gateway, the provider will do a lot of the work to protect you from fraud and keep your customers’ data safe. When a customer clicks “buy now”, their details will be sent directly to the gateway—not your server. You won’t have to store the data at all. And if you don’t hold the data, you don’t have to secure it. An added bonus is that this will reduce the complexity of your compliance audits—what the experts call “scope reduction”.
Millions of businesses and consumers trust Nordea
Nordea has been helping Nordic businesses for over 100 years. But we’re constantly innovating to provide the services that our clients need now and into the future. That’s why we created Nordea Connect—a payments platform that simplifies online payments while maintaining rigorous safety standards to protect customer data.
By choosing Nordea Connect, you can be confident that your business and your customers’ data are in safe hands. And you can free up your time to focus on your business.
Visit our website to find out more about how we can help secure payments on your online store.
1.  Data Breach QuickView Report 2019 Year End, RiskBased Security
2.  https://home.kpmg/fi/fi/home/campaigns/2019/05/cybersecurity.html
3.  https://enterprise.verizon.com/en-gb/resources/reports/payment-security/