For any ecommerce website, it is important to make sure the site is as secure as possible so you can help protect your clients' critical and financial data.
For our ecommerce website clients, we take security seriously and so does our platform partner Weebly.
Here are some critical tips to help reduce the risk that your ecommerce website gets hacked and, worst of all, that your clients' data gets compromised.
For all of the passwords that are needed to access your ecommerce website, you should implement a complex password policy and change them on a regular basis (at least every 6 months). You also want to limit the number of people who have access to your website and ecommerce CMS. You should also make sure your customers are aware that they should adhere to a password policy if they are accessing your site. Here is a great article from SANS.org that provides a guideline for implementing a general password policy.
You could also use a solution like OneLogin that provides single sign-on to multiple cloud-based services, including CMS applications. If you are a larger organization, you can use one of these OneLogin solutions that are made for various ecommerce websites:
Weebly & OneLogin: https://www.onelogin.com/connector/weebly-single-sign-on
Squarespace and OneLogin: https://www.onelogin.com/connector/squarespace-single-sign-on
Shopify and OneLogin: https://www.onelogin.com/connector/shopify-single-sign-on
WordPress and OneLogin: https://www.onelogin.com/connector/wordpress-single-sign-on
SSL stands for Secure Sockets Layer. This is an encryption technology that allows for a secure connection between your web server and your visitor's web browser, allowing for the safe passage of sensitive data. You can identify a site with an SSL certificate by the padlock you see in the browser when you visit it. You can go the extra mile and get an Extended Validation (EV) SSL certificate, which allows a third party to verify the overall security of your site and changes your URL to green.
For more info on an EV SSL certificate, here you go: https://www.godaddy.com/help/what-is-a-premium-extended-validation-ev-ssl-certificate-2198
You can get an SSL and EV SSL certificate from here: https://www.secureserver.net/ssl/ssl-certificate.aspx?ci=1790&prog_id=509319
Even if you have an SSL cert on your website and you are using a strong password policy, you still want to make sure you are complying with the PCI Data Security Standard (PCI DSS). This means such things as having a secure firewall, making sure you do not have malware on your website, and having proper protections in place to limit network access to your website. To learn more about PCI compliance, see the following: https://www.pcisecuritystandards.org/documents/PCI_DSS_v3.pdf
Most ecommerce platforms like Weebly, Squarespace and Shopify are PCI compliant, but double-check and make sure.
You can also go the extra mile and make sure your website is free from malware and other malicious security threats by implementing a vulnerability scanner that will also notify your clients that your website is secure. This will also help with any self-assessments you may need to do for your PCI compliance.
Here is an option you could go with from SiteLock: https://www.secureserver.net/security/malware-scanner.aspx?ci=89298&prog_id=509319