What is Trade Smart?
As part of their current ‘Trade Smart Online’ campaign, our friends at CERT NZ are providing some practical steps you can take to keep your business website safe and secure.
The four priority measures to get underway now are outlined below. The full list of steps to protecting your website is available at: www.cert.govt.nz/protect-it
Secure the data on your website
Your customers trust you to keep their information, and the communication you have with them, confidential and safe. An easy way to give your website added security and privacy is to enable HTTPS across your entire site. HTTPS keeps the information transferred between you and your customers confidential by encrypting it. This stops attackers from getting the login details or credit card information customers submit on your site. HTTPS should be enabled across your entire website.
Update software and devices
Running a business is hectic. There’s so much to remember and keep track of – from payroll to sales and purchase transactions and stock control. Give yourself one less thing to think about by automating as many tasks as you can, including updates. Updates not only add new features, they fix issues or vulnerabilities that allow attackers to get the valuable information on your website. As the business owner, it’s your responsibility to make sure your website’s software is updated and any security patches are applied.
Get PCI DSS compliant
If you trade online, you’ll want to get up to speed on the Payment Card Industry Data Security Standard (PCI DSS). PCI DSS helps ensure the online transactions on your website are safe and secure, and that your customers’ card data is protected from attackers. Being PCI DSS compliant means you’re well-placed to avoid a security breach that can result in loss of revenue, customer trust and reputation. Most banks require PCI-DSS compliance for any site accepting online payments, so talk to yours about what’s involved. ANZ BNZ Kiwibank Westpac
Find out more about PCI DSS and safely operating an e-commerce site safely here.
Renew your domain
When you registered your domain name you obtained a licence to use that name for the registration period, but you don’t own it. If your domain licence were to expire an attacker could claim it and set up their own scam website selling fake goods or serving malware using your business’s name. Keep your domain yours by making sure your registration stays current. Ask your domain provider about auto-renewing your domain.
Read the Domain Name Commission’s advice about domain name registration here.