
Cyber Security for Ecommerce Companies: 5 Protocols You Need to Follow

November 1, 2022

Cyber security for ecommerce companies is one of the most important keys to success. Your customers trust you to deliver on what you sell – and that doesn’t just mean receiving what they purchased.

In order to build a successful ecommerce brand, you have to keep your customers’ information safe. There’s no room for data leaks.

You’re expecting customers to provide your business with a slew of personal information, such as their name, home address, email, phone number, and credit card info. While that’s the norm with today’s online shopping trends, it’s also expected that you do your due diligence.

Otherwise, ecommerce security issues tarnish your brand, and that’s your livelihood right there. With the sheer number of ecommerce sellers out there today, you have to distinguish your business, and a huge part of that is building trust.

Have we piqued your interest yet? Keep on reading for 5 cyber security protocols you should be following in your ecommerce business.

1. Use unique passwords

You should have a unique password for every site. While this is hard to keep up with by yourself, we strongly recommend using a password vault like LastPass. All you need to do is create a master password, and LastPass will store your usernames and passwords for an unlimited number of websites, autofill your login info, and allow you to share your login info securely with colleagues.

Tips for using LastPass:

    • Make your master password as long and complex as you can manage
    • Enable Two-Factor Authentication (2FA)
    • Run the app’s security challenges, and update any weak, short, duplicate, or compromised passwords
    • Install the mobile app to use away from your computer/laptop
    • Generate complex, unique passwords using the auto generator
    • Share your password securely through the vault – users will be able to log in but will not be able to see the password

2. Enable two-factor authentication

Hackers latch onto email accounts to catch password resets. You can prevent this by requiring two forms of authentication before you log into your most important online accounts, such as your email. This is one of today’s standard cyber security protocols.

For Google or Microsoft, you’ll want to install the LastPass or Google Authenticator app. Using an authenticator app is the most secure approach compared with an SMS text or email. Plus, this is the best solution to use when traveling internationally.

You should use sites that offer a text, SMS, email, or other method to validate your identity. Make sure to enable any backup or alternate login details and save the notes in the password vault. (2FA is awesome but can be a nightmare if your mobile isn’t charged, is lost, or is having technical difficulties.)

It’s best to set up Google Voice or another service that supports SMS/texting so you can receive the authorizations on multiple devices such as your computer, phone, tablet, etc.

3. Monitor security alerts

Set up Google alerts for your core apps. This can help detect security issues, password leaks, updates/patches, and more.

Alerts should be set weekly or monthly to make sure you aren’t missing any major issues with these apps. Learn how to create Google alerts through the Help Center.

4. Keep your systems updated

Update/patch all of your devices, browsers, and apps that you use to access your password vault, bank, ecommerce sites, etc. You should update your systems monthly at minimum, or weekly if you’re using Windows.

You should also run antivirus and anti-malware tools on your devices, including mobile devices.

5. Encrypt your hard drive

If your system is newer or has a Solid State Drive (SSD), use the built-in OS drive encryption (or BitLocker for Windows).

Make sure to back up the encryption keys to LastPass, too.

If you lose your computer, drive encryption prevents people that have your system from being able to access your data. We recommend having a cloud backup of the data on your system in the case of a lost or broken computer.
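One way to check both points on Windows, as an added example that is not part of the original article: the PowerShell below uses the built-in `Get-BitLockerVolume` cmdlet to report each volume's encryption state and whether a recovery password exists to back up. It assumes an elevated prompt on a Windows edition that includes BitLocker; the report layout and variable names are this example's own.

```powershell
# Added example: audit BitLocker on every volume. Run from an elevated PowerShell prompt.
$report = foreach ($vol in Get-BitLockerVolume) {
    # Protector types configured on this volume, e.g. Tpm, RecoveryPassword
    $types = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })

    # The recovery key ID is safe to display; it identifies which key to look up
    # in the password vault without revealing the 48-digit recovery password.
    $recoveryIds = @($vol.KeyProtector |
        Where-Object { $_.KeyProtectorType.ToString() -eq 'RecoveryPassword' } |
        ForEach-Object { $_.KeyProtectorId })

    [pscustomobject]@{
        MountPoint       = $vol.MountPoint
        VolumeStatus     = $vol.VolumeStatus.ToString()      # FullyEncrypted, FullyDecrypted, ...
        ProtectionStatus = $vol.ProtectionStatus.ToString()  # On / Off
        EncryptedPercent = $vol.EncryptionPercentage
        Protectors       = ($types -join ', ')
        RecoveryKeyId    = ($recoveryIds -join ', ')
    }
}

$report | Format-Table -AutoSize

# Flag volumes that are not protected, not fully encrypted, or have no recovery key to back up.
$problems = @($report | Where-Object {
    $_.ProtectionStatus -ne 'On' -or
    $_.VolumeStatus -ne 'FullyEncrypted' -or
    [string]::IsNullOrEmpty($_.RecoveryKeyId)
})

foreach ($p in $problems) {
    Write-Warning ("{0}: status={1}, protection={2}, recovery key present={3}" -f `
        $p.MountPoint, $p.VolumeStatus, $p.ProtectionStatus,
        (-not [string]::IsNullOrEmpty($p.RecoveryKeyId)))
}

if ($problems.Count -eq 0) {
    Write-Output 'All volumes are encrypted, protected, and have a recovery key to back up.'
}
```

Compare the `RecoveryKeyId` shown for each drive with the key ID stored alongside the recovery key in your vault to confirm the backup matches the current key.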

More Ecommerce Resources

Cyber security for ecommerce sellers is critical, and thus, critical to us at Acuity.

As your trusted team of financial experts, we recognize that cyber attacks can be detrimental to an ecommerce business. As a brand, you’ve promised to deliver a good or service to a customer, without any security risks.

It’s similar to the promise we make to our clients – trust us with your books, and we’ll promise to keep them safe and in good shape.

At Acuity, we take cyber security for ecommerce companies seriously, following the standards (plus more) to ensure your financial data is only accessible by the right people.

Looking for more best practices for your ecommerce business? We’ve got you covered. Check out our ecommerce YouTube playlist, Solutions for Ecommerce Sellers.

Ready to outsource your ecommerce accounting to a team of experts? Learn more about our ecommerce accounting practice to see if we’re the right fit for you and your business.


1. How much does cyber security cost for an ecommerce business?

Experts say you should spend between 10 and 15% of your IT budget on cyber security. It’s more expensive to handle a data breach or a cyber security attack than it is to be proactive with your protocols.

The average amount spent on cyber security for ecommerce sellers depends on the size of your business. Small ecommerce businesses fall in the range of $100 to $500, and medium-sized businesses fall in the range of $500 to $2,000.

2. How much does cyber security insurance cost for a small ecommerce business?

Cyber security insurance (also referred to as cyber liability insurance) is a layer of protection for your ecommerce business, covering any expenses incurred from data breaches and cyber attacks.

If you’re a small ecommerce business, we definitely recommend adding this insurance to your budgets as small businesses are frequent targets for cyber security attacks.

Quotes for cyber security insurance vary. We recommend shopping around and receiving a few quotes before making your decision.

However, on average, small businesses pay in the range of $1,000 to $2,000 per year for cyber security insurance.

3. Why should ecommerce businesses seek out third-party vendors for cyber security?

Small and medium-sized businesses should outsource their IT security to a Managed Security Provider (MSP) or security consultant that specializes in ecommerce and your core applications.

Do be careful when you connect third-party apps to your business and shopping cart; there are many attacks through these partners.

You should NOT seek out third-party vendors for cyber security. Several cyber attacks have been linked to loose security from third-party vendors, and the last thing you need to do is leave your ecommerce business more susceptible to cyber attacks.

4. What is the importance of security for ecommerce?

Cyber security is one of the most crucial components of a successful ecommerce business. Your customers trust you to deliver on what you’ve promised: what they’ve purchased and the safety of their personal information.

There’s no room for data leaks – otherwise, you’re tarnishing your brand, and guess what…there are plenty of other ecommerce sellers to go to instead of you.

5. What is the security standard for the ecommerce industry?

The security standard for the ecommerce industry is all about cyber security protocols. We recommend following the 5 protocols we outlined in this article.

6. What actions do not help to provide security for ecommerce sites?

Here are a few actions that do not help cyber security for ecommerce businesses:

– Relying solely on one technology for cyber security. Technology is always changing, which can create holes for cyber attacks.

– Treating security as an add-on rather than a pillar of your business.

– Investing in beating out competition over cyber security. Security actually helps establish brand authority and creates credibility for clients.