For SMEs, selling online usually requires using one of the big e-commerce platforms to take orders as the cost of developing and maintaining your own platform is too expensive. Your website may be using a platform hosted and maintained by the company that supplies it, or it could be done by the company that built your website. As a business owner, you shouldn't need to care which option it is; you just need to know it is secure. In either case, at some point, there will be the need to update the platform to make it more secure and protect the information it holds from cyber criminals who find new ways to break in.
What can cyber criminals do?
It depends on the flaw they have found. They could extract client details, take over shopping carts etc. Criminals are organised and apply their extensive resources to find ways to break into e-commerce platforms (and other software). Once they have found a flaw, they find sites that use the version of software with that flaw and start to exploit it. They usually circulate details of the flaw so other criminals can also use it.
Making it secure again
The companies that supply the platforms are always looking out for security issues and issue software patches to fix them. When a patch is available, they publish details of the flaw and how to apply the patch.
Questions to ask the company that maintains your website
Many companies apply updates within a short period. But if they don't, you run the risk of your website being compromised. If that happens, it can damage a company's reputation and lead to financial losses. Think of the issue with the Talk Talk website; not an SME, but it shows the damage that is done when there is a website security issue. You need to ask two questions.
- Does my website use the latest secure version of the e-commerce platform. I recommend you ask this on a regular basis. Only accept 'yes' or 'no' answers. If it isn't 'yes' then assume it isn't running the latest secure version
- If the answer is 'no', then ask when it will be applied