Keeping Your Online Business Secure

Share Button

Running an online business can be a very rewarding opportunity. Due to the potential savings for the business owner from not paying for a physical storefront, online businesses can often offer services and products for a better price to their customers or, at the very least, afford to offer free shipping. Both can drive a lot of business to their websites from those looking for a deal or those who simply do not have the time to shop at their local stores.

The main problem lies in the fact that running an online business can bring about security risks, not only to your customers, but also to yourself. No one online is immune to cyberattacks, and many aren’t even aware of how to protect themselves online to begin with. Though data breaches could still happen when you’re well protected, it’s very rare, and by following some simple security tips, you may never have to deal with the devastating effects of a security breach at all.

Here are a few ways you can better protect your online business.

Virtual Private Networks

One of the main things that can protect your business online is security software. Most have already heard of an anti-virus program, but it’s not as common to be familiar with what a Virtual Private Network (VPN) is. In basic terms, VPNs are encrypted remote servers through which you route your internet traffic.

Since you’re routing your internet traffic through the VPN, your connection also becomes encrypted. Your IP address (which is used to determine your location) is masked as well so that it appears as though you are located in the city of the VPN’s remote server. This allows you to unblock content online (which is very helpful when traveling) and also helps to protect you from hackers and malware.

There are many different VPN providers available, with services costing under $15 per month, but a few companies stand out in the crowd. One of such companies is ExpressVPN, which offers 24-hour customer service (even via live chat through their website), a 30-day, money-back guarantee, and unlimited bandwidth and speed. According to Secure Thoughts, ExpressVPN’s software is universally compatible with all operating systems, so you won’t have to exclude it from any of your devices.

The Good Old Anti-Virus

Nearly everyone knows that anti-virus programs are a good idea, but it’s not necessarily common knowledge that they can be found for free and used on more than just your PC. Anti-virus programs can actually be used on your mobile devices as well, making it much easier to avoid malware while on the go.

This can protect your online business because it’s likely that you are storing business related information on your devices or even accessing or updating your website on them. Malware and viruses can create an issue by basically hijacking your device and even spying on your activities (in the case of spyware). It’s important to utilize your anti-virus program frequently, completing a full virus scan at least once or twice a month.

Since you are running a business, you may even want to upgrade for additional protection, but if you really can’t spare the cost, free versions offered by Panda or Avast! should do the trick. Just remember to have them installed on all of the devices that will be used to access your company’s website or store and/or share any information related to your business.

Business Accounts

Passwords are extremely common when dealing with anything online, and they’re the most basic form of protection when it comes to your accounts. Unfortunately, they can also be easily stolen or even guessed. To prevent this from occurring, it’s important that you use strong passwords that contain a combination of numbers, uppercase and lowercase letters and symbols (when possible).

All of your passwords should also be at least eight characters long and never reused for more than one account. Changing them at least every few months is also a wise idea. Of course you should also avoid using any sort of personal information or business related information as your password as well.

Another issue could arise when you’re sharing your passwords with your employees. For example, perhaps you had to let someone go, and they decided to sabotage one of your business accounts. To avoid this from occurring, consider using LastPass, which is an online service that will allow you to grant employees access to accounts without giving out your password.

Limiting Credit Fraud

Credit fraud can be a costly for your business and may threaten both your inventory and your reputation. To keep your business safe from this unscrupulous practice, there are a few steps you can take. Keeping your website’s software up to the latest version is one of the most important things to stay on top of.

You’ll also want to ask customers for their three or four-digit security code to verify any transactions, as well as their billing address and phone number. Verifying a card’s billing address with the credit company can help detect fraudulent transactions, as stolen cards frequently use incorrect billing addresses.

Be on the lookout for unusual orders; if your typical sales range in the mid to low hundreds and someone places an order without prior contact for several thousand dollars’ worth of merchandise, you may want to investigate the order by emailing or preferably calling the supposed recipient.

Remember your target market. If the majority of your goods are designed for customers in the US, an order with a US credit card to a foreign county should send up warning flags. Cybercriminals frequently use rush shipping to reduce the likelihood of being caught, particularly for large orders.

Consider screening for other suspicious activities, such as credit cards whose owner differs from the shipping address or whose account uses multiple different cards. Even requiring accounts to make orders can help keep track of who is ordering what and may deter more sheepish criminals.

Services also exist to act as gateways before your website’s checkout. While processors will cost some money, they can save you a lot in the long term by helping you avoid chargebacks.

Just be sure not to take things too far. Being vigilant for criminal activity is good, but hassling your customers too much can lead to a loss of business. Use discretion, and be courteous when dealing with customers, even if you suspect they may be perpetrating a crime.

Protecting Your Online Business

Internet security does not have to be a complicated matter, even for those who have a reputation to protect. Common online security mistakes are easy to avoid if you know what you should be looking out for. By implementing security measures of any sort, you’ll be much better off than if you were to leave your company unprotected online.

Most of all, remember to work diligently to protect your customers’ information. Your customers are what keep your business running smoothly after all!

Share Button

Author: Cassie Phillips

Cassie is passionate about writing and about security. She is excited to combine her two passions together to do something she loves and help others become more secure. She has also written about keeping your kids safe online, securing your blog, and staying safe while traveling.

42 thoughts on “Keeping Your Online Business Secure”

  1. Some great advice there Cassie.

    I’d also add changing default usernames if you can. The amount of times I’ve seen someone trying to hack ‘admin’ on a WordPress website….okay it’s quite a lot!

  2. Some great tips here, thank you. Security is something I forget to review but will now spend some time on it as I couldn’t afford to lose any aspect of our business right now. Good to know that we already use NordVPN though.

  3. Yes, when it comes to protecting your online store, 3rd party VPN is must required if you don’t have such a skillset or team. Almost all new eCommerce sites use the Norton security system by Symantec. I am not promoting this company anyway but I saw their symbol whenever I purchase anything from any website, therefore!

  4. Hey Cassie,

    It is really important to keep an eye on the security aspects for online tasks, especially during these days. I use Surfeasy VPN to protect myself from such bugs. Thanks for sharing these useful tips.


    ~ Rahul

    1. Vickie,
      Thanks for letting us know that you found Cassie’s post informative.I find the WordFence plugin works well for WordPress websites. There’s a free version that meets the needs of many bloggers. They also offer premium solutions if you’re looking for more protection.

      I’ve also subscribed to Sucuri security solutions. (You can find them at I had a client site that was on an outdated version of Joomla. It was such an old version that his site couldn’t be updated.

      Since my client did not want to invest in a new site, we secured it with a $10/month firewall from Sucuri. It was a temporary solution but it offered the protection that we needed.

      I hope that helps. Thanks for dropping by and adding to the conversation.
      Sherryl Perry recently posted..Commenting On Blogs – What Strategy Works for You?My Profile

  5. Hey Cassie

    I appreciate your suggestion. I found VPN the most effective and useful one. Especially, I can sleep peacefully when my asset is safe from online thieves.

    1. Hi Paradeep,
      Thanks so much for sharing your experience with VPN. It’s always good to hear from readers who can attest to whether or not something works. I use Google 2-step verification as well. The most recent hack of passwords (Google, Microsoft and Yahoo) is proof that we need it.

      I hope you are having a wonderful week. Please accept my apologies for not replying to you sooner.
      Sherryl Perry recently posted..Do You Sell Online? Want To?My Profile

    1. Hi Sam,
      Thanks for joining the conversation. Would you mind sharing with us what you’re spending that $50 a month on? The reason I’m asking is because there are much less expensive options (such as a Sucuri firewall for as little as $10 a month).

      Of course, it depends on your circumstances. Are you running a website where you capture confidential and/or financial data? (I visited your site and it looked like a WordPress blog similar to what many readers here have.) I think it would be interesting to know more about your particular circumstance and what solution you’re using. Thanks!
      Sherryl Perry recently posted..Case Study: Consolidating Multiple Websites Into OneMy Profile

  6. Cassie,Good insight on a very important topic! I think we should also include risks associated with using a public wi-fi network. We do cybersecurity and I routinely come across business folks who put in so much work and efforts to protect their information but then go out and casually use a public wi-fi network such as a local coffee shop.

    Public wi-fi networks not only expose your business on the spot, but also put in a “seed” on your device for future use. For example, if you regularly use wi-fi at your local Panera, a hacker can just park in-front of your home and create a “fake” Panera network to download everything that you have on your laptop/smartphone.

    Have a great weekend!
    Manoj Tomar recently posted..The Net Neutrality Debate in IndiaMy Profile

    1. Hi Manoj,

      Thanks so much for sharing your expertise with us! I know my readers appreciate hearing from others who share their thoughts and experiences.

      You raise such a valuable point about casually using wi-fi networks. Just yesterday, my husband and I were at a big box office warehouse store shopping for a new office chair. I had purchased a chair online but we had to return it. (Sometimes, there’s no substitution to trying out a product in person.)

      We found a chair that we liked but we were not happy with the price. I hopped online and sure enough, the chair (in black which was our first choice) was available for $100 less on their website (with free shipping).

      There was no way I was going to buy it online using an unsecure network. Thankfully, an associate honored the price.

      I hope you have a great weekend too and thanks for letting me know about the mixup with your comment landing on the wrong post. I also want to apologize for not replying sooner. I haven’t been feeling well the last few days. (Although, I did manage to drag myself to the store with my husband. He would have paid full price! 🙂 )
      Sherryl Perry recently posted..Case Study: Consolidating Multiple Websites Into OneMy Profile

    1. Hi Jack,
      Thanks for the suggestion to use a virtual credit card. I just did a quick search and found an aticle about using them on Their take on this was:

      “If your credit card number gets compromised, you could find a big surprise on your next bill. But by paying with a virtual credit card, you vastly reduce the possibility of bogus charges.”

      So, it’s definitely worth looking into. I appreciate your joining the conversation. I hope you’re having a nice weekend!
      Sherryl Perry recently posted..Case Study: Consolidating Multiple Websites Into OneMy Profile

  7. Yep, these are great tips. I personally like to use a VISA debit card for my online transactions and that way I can control the limit that\’s in the account.Top up as I go.You’ll also want to ensure your website is secure as you\’ll find bots are trying for security exploits every minute of the day. It\’s best to keep your software and plugins updated.
    Hammo recently posted..Is Wealthy Affiliate a SCAM?My Profile

  8. I have always thought that adding SSL “Https” to the website address would be enough as a security measure.
    I know now that https is mandatory and requested by all the major sites (Google, Facebook etc … ) if you wish to work with their Api’s and Integrate their stuff into your website and they say it is safer and for security reasons.
    But now you brought great new point to my attention, I’m not really worried about my own PC and the local antivirus thing but I think the private network VPN argument is solid and really make sense to me.
    Mitch recently posted..Photo Scavenger Hunt with a Twist | Dating Ideas WorldwideMy Profile

  9. Cassie & Sherryl — thanks for discussing this important topic. Nothing is totally secured as Adrienne found out but we need to do our very best. If we do nothing then surely one day a hacker will invade our “premises.” The problem is the hackers seem to be always one step ahead of us. They’ve stolen sensitive documents from the U.S. government, including the Social Security numbers and other personal information from government employees. I’m glad I don’t sell direct from my website because if I did security would be a constant worry.
    Jeannette Paladino recently posted..Can You Give Away Your Content and Still Make Money?My Profile

    1. Hi Jeannette,
      I am so sorry that I haven’t replied to your comment. I honestly thought I had!

      I was surprised to learn that Adrienne ran into that issue with her hosting provider. It sounds like it was a fluke. She’s lucky that she has such supportive readers and that she had a recent backup.

      It is both discouraging and scary that hackers have been able to steal sensitive U.S. documents. I try so hard not to store my credit card information online but sometimes, companies automatically save your card information without asking. I try to always make online purchases as a guest to avoid this but sometimes a company will make their customers create an account. I always make certain that if they do capture my card info that I immediately delete it. Still, it’s unnerving.

      Thanks so much for weighing in on this Jeannette. It’s always a pleasure to see you here.
      Sherryl Perry recently posted..Case Study: Consolidating Multiple Websites Into OneMy Profile

  10. Hey Sherryl,

    Good to see you back but I see you have a guest today. I haven’t had the pleasure of meeting Cassie but I do appreciate what she’s shared here. Such an important topic.

    I have to tell you what happened to me recently. I am on a VPS server and I actually love it personally. Since joining them two years ago next February I haven’t had any issues that I dealt with before moving over to this type of account. BUT, I got an email from a blogging friend at midnight last week telling me that my entire site had a 404 error. I emailed my hosting service to find out what was going on and my entire public folder had been deleted. They told me I deleted it which of course anyone who knows me knows that’s a crock.

    They hadn’t seen any type of suspicious activity on their servers and of course couldn’t tell me how that could have possibly happened unless someone got into my account and deleted it. Now I had a full backup and they had me up and running in less than two minutes but I was floored that happened in the first place. On a VPS server too! Kind of scary actually but overall I’ve never really had any issues and will continue to stay with them and I do highly recommend people going that route.

    I also have been using LastPass for years now. Don’t know how I would get along without it. I used to keep all my passwords in an excel spreadsheet but this program rocks. SO easy to change your passwords and make them so strong you don’t have to remember them.

    Appreciate what you shared here Cassie and thanks for bringing this to our attention. Hope both you ladies are having a wonderful week.


    Good to see another post up my friend and hope you’re doing well.
    Adrienne Smith recently posted..Why Baby Boomers Should Be BloggingMy Profile

    1. Hi Adrienne,

      Wow! That’s quite an experience that you had with your webhost. I knew that you had moved your site and that you were happy with your new vendor. It’s discouraging to learn that they accused you of deleting your site. That’s ridiculous.

      You do expect a higher level of service when you’re paying for hosting on a VPS server. Did you take them to task? I would expect an apology from them. I hate to say it but when customer support shows signs of weakness, it can be an indication of a bigger issue. Hopefully, this won’t be the case and it is just an isolated instance where someone wasn’t following protocol.

      This does bring me back to an earlier time when I was incurring an unacceptable amount of downtime from my hosting provider. I had been with them for years and slowly watched as their tech support associates went from knowledgeable, informed staff to people who were clearly reading from scripts.

      The final straw for me was when a tech support associate told me that it was “a known problem with that server”. He then proceeded to tell me that they would not move my site. So, we all know how that went. I moved my site myself – to a different host.

      It’s good that someone alerted you to the problem and that it was rectified so quickly. Thank goodness you had a full backup. That is testament to the importance of all website owners having their own backups.

      Thanks so much for sharing your experience with us and for recommending using a VPS server. It’s good to know that you use LastPass too. I was using it and I got out of the habit. I should start using it again. It’s so important to use really secure passwords and change them frequently.

      I appreciate your coming by and taking the time to share your insight with us. I hope you’re having a wonderful week ahead too!?
      Sherryl Perry recently posted..Do You Sell Online? Want To?My Profile

    2. Adrienne,

      Nice to meet you!

      Wow! What and experience! I am glad they were able to get you back up and running so fast. You also bring up a great point, make sure you are backing up your site on a regular basis, this can make a huge difference when something happens.

      I use LastPass as well, though I am skeptical still. I do not store the information for my bank account there just because I know they can be hacked, as they were earlier this year. With that being said though, it is simple to use and like you said, you can change your password and make strong passwords without having to remember it.

      Thank you for reading and sharing your experiences! I hope the rest of your week goes well.
      Cassie recently posted..How to Protect Your Money OnlineMy Profile

  11. Katrin,Thank you for your comment. You do bring up some great points. The thing is that surprisingly few people think about security when they start an online business. I have had several people tell me they didn\’t even think about security, and so my goal with this post was to make sure people are actually thinking about it. If a large company such as Target can be hacked, a small company can as well. Thanks again for your comment!
    Cassie recently posted..Best VPN For OmegleMy Profile

  12. Hi Susan,I\’d like to suggest a change in perspective here.These big corporations collect a lot of information from their customers and use it for their purposes. That fact in itself makes them a target: they possess sensible information.More often than not, they do not apply appropriate security to the information they collect. In short, they don\’t act very responsibly.Business owners can do something to get themselves covered. Even though the topic seems so big, there are really some practical steps everybody can do. But of course, the point is to maintain a security awareness and consistently maintain your applications. It is not enough to do some checks in January as part of a New Year\’s resolution, and then drop it again in February.It\’s a responsibility, but it is manageable.
    Katrin recently posted..How To Leverage Your Technological InfrastructureMy Profile

  13. It really is scary, the thought of having online business. On the one hand, of course, there are so many reasons why I want to do it. But then you hear of huge corporations like Target for example and the security breaches. It just makes one wonder, with Target’s size and budget…. if they can’t keep customers info safe than who can?
    Susan cooper recently posted..Terra d‘Oro Winery Zinfandel Port: #Wine.My Profile

    1. Susan,
      That’s why solopreneurs and small business owners need to outsource the online commerce parts of our businesses. We don’t have the resources to handle them in-house.

      I think the way that you incorporate eCommerce into your blog is a good example for how bloggers can begin monetizing their sites. Have you given thoughts to having an eCommerce store?

    2. Susan,
      You are right, it is scary. You are responsible for keeping your customers data safe. First off, at least you are thinking about the security of your eCommerce site, that is the first step. Second, although you will always be at risk, chances are you will not have as many customers as a store like Target, so your store won’t be as appealing to hackers because there is not as much information. With that being said though, Sherryl makes a point when she says you should “outsource the online commerce parts” of your business. Thanks for your comment!
      Cassie recently posted..Best VPN For OmegleMy Profile

  14. Hi Cassie and Sherryl,

    Yes, this is a big issue for everyone using the web. Here in the UK we’ve just had a big telecom company get hacked really easily. Now lots of people are getting cold called from people who’ve bought customers details and are ringing them up trying to get access to their bank account details. One of the hackers (allegedly) is just 15 years old.

    Trust is a big issue for many people, especially if they’re not tech savvy and have to rely on 3rd party’s honesty.
    Tom Southern recently posted..Blogging Tips, Strategies And Tactics: How To Sort Through The Pile and Find The One That’ll (Actually) Work For YouMy Profile

    1. Hi Tom,
      Hacking is a huge issue here in the U.S. too. It’s unbelievable. It seems weekly, we’re hearing of large corporations that are being compromised.

      I try to limit the number of companies that have access to any of my information. Several companies I deal with (such as utility companies) offer incentives to have my monthly payments deposited directly to those accounts. There is no way that I’m giving them access to my banking information. I prefer to do my online directly through my bank using my Internet connection.

      Thanks for weighing in on this! It’s always good to see you here.
      Sherryl Perry recently posted..Security on My Mind: How To Successfully Evaluate and Protect Your Online Technology AssetsMy Profile

    2. Tom,
      Ahh yes, I heard about the TalkTalk hack. It is the same here in the US, as Sherryl said, it seems like we hear about another big company being hacked almost weekly. Many of them are companies we would hope would take security seriously. It is sad, but hopefully people know not to give out their bank account information over the phone. If a company calls me and wants my information, I always hang up and call them back using the number I have on the bill or card to make sure it is legitimate. Thanks for reading and commenting!
      Cassie recently posted..Best VPN For OmegleMy Profile

  15. > Be on the lookout for unusual orders

    When I was new to a job as a software developer we were updating the website for a non-profit. I was going over the site and entered in a negative donation. It reduced the amount owed on the rest of your order. I think that would also qualify as an unusual order. If you allow users to enter a donation you probably don’t want to let them enter negative donations 🙂
    John recently posted..Multi-generational Housing CommunitiesMy Profile

    1. Hi John,
      That was a good catch! It brings back memories of when I was in IT. I used to enjoy beta testing and looking for bugs like that. That program definitely should not have allowed that.

      I know this is off topic but your comment brings back memories of a large non-profit that I worked for. We used to process large numbers of donations. None of them were online and the vast majority of the donations were cash or check.

      When it came time to accept donations online, the credit card processing was outsourced to a 3rd party. Given the security concerns, that was a wise decision.

      As always, thanks so much for dropping by and joining the conversation. I always enjoy reading your comments. Have a nice weekend!
      Sherryl Perry recently posted..How to Secure Your WordPress Site and Add Functionality #FridayFindsMy Profile

  16. Very important issue you are coming up with, Cassie!

    Business or Website Security seems to be one of the topics many people seem to avoid as it is hard to grasp. I am often stunned when I client tells me they haven’t done anything to protect their WordPress site in the last two or three years – no plugin updates, no theme updates, no WP updates!

    I am not intending to play with fears, but it’s certainly a good idea to raise awareness about security issues, and help people to take action. – You came up with anti-virus: there is never a 100% security for anything and maybe I am a little conservative here, but I do recommend to spend $50 on a license for an acknowledged anti-virus software.
    Katrin recently posted..How To Leverage Your Technological InfrastructureMy Profile

    1. Hi Katrin,
      Thanks for letting us know that you enjoyed Cassie’s post. I’m amazed when clients don’t want to update their websites.

      I worked with a client who flat out told me that “if it’s not broke, don’t fix it”. He was referring to updating WordPress plugins. I had just completed a project for him (writing a procedure manual for a site that he had launched) and I had suggested that he retain me to maintain his site. For the life of me I could not convince him to update his plugins.

      I had installed WordFence for him, and his site was clearly being targeted. Yet, he was not concerned. I explained the risks to him but he was adamant that I was overreacting. I couldn’t even convince him that he should update them himself. Oh well. I haven’t heard from him for years.

      Thanks so much for kicking off the conversation and sharing your thoughts with us. I hope you have a great weekend.
      Sherryl Perry recently posted..Choosing WordPress Themes: Security Risks, Code Bloat and Other IssuesMy Profile

      1. Hi Sherryl,

        well, this is one of the cases where we have to allow people to make their own experiences.
        There is a saying in German, not sure if you have something similar in English. It goes like that: “You can show a donkey where the water is, but you cannot force the donkey to drink it.”

        Holding such a strategy in place (like your client) may go well, but maybe it doesn’t. In my opinion, if our business is something we hold dear and that is important for us, it would be an act of responsibility to take appropriate action for its security. It is not about being hysterical, it is about caring enough to do what needs to be done. – Have a good week! 🙂
        Katrin recently posted..How To Leverage Your Technological InfrastructureMy Profile

        1. Hi Katrin,
          I have heard that expression before but it was a horse not a donkey. 🙂

          I tried to reason with that client and I went so far as to explain to him that since he used a shared hosting account, he was putting others at risk as well. It was to no avail.

          I honestly don’t know what he’s doing now. The conversation ended and he definitely was not my ideal client. So, I never pursued working with him on other projects. I prefer working with people who value my input and want to work together to build their business.

          You have a good week too!
          Sherryl Perry recently posted..SEO Resources Bloggers Can Use #FridayFindsMy Profile

    2. Katrin and Sherryl,

      You both bring up great points. It is amazing how many people refuse to update their plugins, even if you explain that they are now leaving a hole for hackers to get into their site. You are also right in saying that they just have to make up their own minds, we cannot force them to do something they don’t want to do. In these cases we can hope one of 2 things happen, either they are lucky and nothing happens, or they are unlucky and they get hacked and learn from their mistakes. Thanks for reading and commenting! Glad you enjoyed the post!
      Cassie recently posted..How to Protect Your Money OnlineMy Profile

      1. well, this is one of the cases where we have to allow people to make their own experiences.
        There is a saying in German, not sure if you have something similar in English. It goes like that: “You can show a donkey where the water is, but you cannot force the donkey to drink it.”

Comments are closed.