David Midgley, head of operations, Total Processing
David Midgley, head of operations, Total Processing

For small businesses, building a good reputation can help them to go from strength to strength. Conversely, gaining a bad reputation can lead to a lack of custom and ultimately, the failure of the business.

Therefore, it is important for a business to use all the methods available to them to positively enhance their profile and their reputation. This is particularly true of an ecommerce business, as being perceived as a secure site where the customers' personal and financial information will be safe is paramount to their success.

Hence, when considering eCommerce sites, it would be fair to say that attempts to make the site as secure as possible will also help to positively boost the company's reputation as well.

The good news for small businesses is there are some relatively simple and common sense measures that can be taken that will achieve both.

Firstly, if you haven't already, I strongly recommend that all businesses, particularly those operating in eCommerce, move their websites over to HTTPS protocol. I'm sure you all already know how HTTPS works, but for the uninitiated, HTTPS works by adding a Secure Sockets Layer (SSL) or Transport Layer Security (TLS) encryption layer to the basic HTTP protocol. This means that clients and servers are still speaking the same “language” to each other, but all requests and responses are encrypted before they are sent and then decrypted at the other end.

Given the personal and financial nature of much of the information that is sent by a customer when they're on an ecommerce site, it is vital that the messages being sent and received between the browser and the user can't be intercepted, and then potentially exploited, by unscrupulous parties.

On this note, it is a misconception to think only sites that take a user's personal and financial details should protect the communications that take place between their sites and a user's browser. All the information a site sends to a browser – cookies, HTML code, scripts, etc – can also be intercepted and thus, HTTPS also helps to prevent other parties being able to intercept and tamper with this information.

These other parties can range from wholly malicious hackers seeking to install malware, ransomware and spyware all the way to reputable organisations seeking to insert their own adverts onto the webpage presented to the user. While the latter may be pretty harmless and there is no ill intent other than trying to sell products or promote a service, the former is potentially very serious, as this kind of interception can be used to gain users' details leading to instances of fraud.

While HTTPS isn't perfect, it does go a long way to protecting the integrity of a browsing session and the security of transactions on ecommerce sites. If all sites were to move to HTTPS protocol at the very least, I argue that it would make the internet a much safer place, although admittedly, hackers would then try to find ways to exploit the vulnerabilities the protocol has.

To further protect themselves and their customers from a hack, there are other measures ecommerce sites should take that will go a long way to strengthening the security of the website and helping to prevent themselves and their customers from becoming the victim of a hack. For example, remembering to update your system software and keeping your email and spam settings rigid will help to keep a site secure. If a hacker does manage to find a way in, implementing 2-Factor Authentication (2FA) for all transactions is a great way of stopping malicious parties in their tracks and preventing them from using customers' stolen details.

Some people will argue that doing all of the above costs both time and money and that a site using HTTPS is slower than one using HTTP protocol. However, the effect on a site of implementing HTTPS is marginal and barely noticeable to the vast majority of users. The cost of buying and renewing SSL certificates and software packages, meanwhile, will be far outweighed by the security benefits in the long run too.

For these reasons, and more, if you haven't already, move your business' website over to HTTPS protocol, ensure you have installed the latest versions of all your system's software and make sure to implement authentication processes for all transactions on your website. Even simple measures such as these go a long way.

Contributed by David Midgley, head of operations, Total Processing