{"id":3759,"date":"2018-03-08T09:55:53","date_gmt":"2018-03-08T17:55:53","guid":{"rendered":"https:\/\/www.genesisdigital.co\/blog\/?p=3759"},"modified":"2019-05-09T11:31:43","modified_gmt":"2019-05-09T18:31:43","slug":"5-critical-security-issues-that-you-should-have-patched-by-now","status":"publish","type":"post","link":"https:\/\/www.genesisdigital.co\/blog\/learn\/e-commerce\/5-critical-security-issues-that-you-should-have-patched-by-now\/","title":{"rendered":"5 Critical Security Issues That You Should Have Patched By Now"},"content":{"rendered":"

There are critical business security issues that need to be handled sooner than later. Just last week, I discovered that we\u2019d gone to bed and forgotten to lock the rarely-used back door to our house. In fact, it wasn\u2019t just unlocked – it was slightly ajar.<\/p>\n

And it had been that way for at least three days.<\/p>\n

Fortunately, we weren\u2019t burglarized or killed in our sleep so the story had a happy ending. In fact, given that there were no consequences, I figured I\u2019d just leave the door open and unlocked indefinitely. I mean, why not? I\u2019m a busy guy \u2013 I have other important things to do.<\/p>\n

Don\u2019t get me wrong, I\u2019m not an idiot. I WILL close it eventually. But we\u2019ve got by with it open thus far, so there\u2019s no rush.<\/p>\n

(By now, you see this is a metaphor, right?)<\/p>\n

Getting a Round Tuit<\/b><\/h3>\n

A friend of mine use to have a plate on his wall that was labelled, \u201cA Round Tuit.<\/i>\u201d His wife used to complain that when she asked him to do a job around the house, he\u2019d say that he\u2019d do it when he \u201cgot around to it.<\/i>\u201d So, she figured if she bought him one, then stuff might start getting done.<\/p>\n

Is securing your online business (or reviewing the security you already have in place) one of those jobs that you figure you\u2019ll sort out when you get around to it<\/i><\/b>?<\/p>\n

Maybe you read about SSL certificates and decided you\u2019ll get around to getting one eventually. Or you know that your Privacy Policy hasn\u2019t been updated or even reviewed in five years, but it\u2019s on your \u201cto-do\u201d list – somewhere.<\/p>\n

That\u2019s not a great position to be in because, potentially, your back door is not just unlocked but it\u2019s also slightly ajar. Just because no one has – so far – tunneled into your online business and set fire to everything doesn\u2019t mean you can keep putting these things off.<\/p>\n

It isn\u2019t just your profits and your customers\u2019 privacy that is at risk. Negligence leading to a serious breach could result in fines or even prison time<\/a>.<\/p>\n

So think of this article as your personal Round Tuit when it comes to security issues in your business. Here are five areas of your online business that you should review and lock down ASAP.<\/p>\n

Please know that none of this is legal advice – I\u2019m a writer not a lawyer. Most of the information in this article came from people in our business who understand this stuff way better than I do, so it\u2019s solid advice. But still\u2026 it\u2019s up to you to do your due diligence and research what your business needs to be compliant with the law.<\/i><\/p>\n

    \n
  1. \n

    Purchase an SSL Certificate<\/b><\/h4>\n<\/li>\n<\/ol>\n

    A Secure Sockets Layer (SSL) certificate is proof that your business has a tough layer of security protecting the connection between your website and your customers\u2019 computers.<\/p>\n

    If you need to know more about the specifics of the technology there are some good explanatory videos on YouTube<\/a> but all you really need to know is that it\u2019s inexpensive to purchase and it\u2019s ESSENTIAL if you collect any kind of data from your visitors.<\/p>\n

    Whether it\u2019s names, email address, physical addresses, credit card numbers, bank details… it doesn\u2019t matter. If that bit of data identifies your visitors in some way, it should be encrypted and SSL is the simplest, fastest means of accomplishing that.<\/p>\n

    Genesis Digital<\/a> (Genndi) has a company-level SSL certificate that verifies and protects all of our websites. To obtain certification at that level is not cheap but, if you\u2019re a small business with a single website, you can purchase an SSL certificate for just a few dollars a month.<\/p>\n

    And here\u2019s the thing about investing in security for your business\u2026<\/p>\n

    When your customers can SEE that you take online security seriously \u2013 both yours AND theirs \u2013 this feeds into their positive perception of your business and builds trust.<\/p>\n

    Money spent in securing your business doesn\u2019t just pay for itself. In the long run, it increases your profits.<\/p>\n

    ACTION: Google \u201cSSL Certificate\u201d and purchase from a reputable provider (which may be your current website hosting company).<\/b><\/p>\n

      \n
    1. \n

      Create (or Review) Your Privacy Policy<\/b><\/h4>\n<\/li>\n<\/ol>\n

      There are legal requirements for your company\u2019s Privacy Policy and I\u2019m not even going to pretend that this stuff isn\u2019t complicated. But the good news is that this stuff scales.<\/p>\n

      If you\u2019re a large company, you should seek legal advice. If you\u2019re a small business or a solopreneur, purchasing an inexpensive Privacy Policy template and customizing it for your business may suffice.<\/p>\n

      Before you get to the stage of thinking about statutory compliance, it\u2019s good to come up with an ACTUAL Privacy Policy for your business. For example, Genndi\u2019s policy is this:<\/p>\n

      Find out what protects the most people and implement it.<\/i><\/p>\n

      It\u2019s a simple concept but it encompasses our determination to stay on top of security, and our decision to choose the best security options, regardless of cost or complexity.<\/p>\n

      Yes, this is an ethical decision but it\u2019s also a business one. We hold firmly to the belief that what is in the best interest of our customers is also in our best interest. Tight security costs more but the trust it earns us increases our sales and our bottom line.<\/p>\n

      This means security for Genndi is\u2026<\/p>\n