Training Your Staff To Maintain Air-tight Ecommerce Security

If you own an eCommerce business, you might have had quite a good time during the Covid-19 pandemic. While—I’m sure—you are not pointing this out to friends or family who is suffering from the economic consequences of lockdown orders, you’ve probably seen an increase in orders, a rise in revenue, and have maybe even hired new staff members.

Expansion is great, of course, but it also comes with risks. Chief among these is your new staff members. Without training on how to use your eCommerce platform, they represent a huge risk to your business. In other words, ignoring security can ruin your eCommerce business just as quickly as a global pandemic.

In this article, we’ll look at why you should train all your new staff members on how to use your eCommerce platform, and what you should teach them.

Why You Should Train Your Staff

There are, essentially, two reasons you should train your staff on the security best practices for eCommerce retailers.

One – and perhaps the most important—is that if you don’t, you are going to get hacked. The 2019 Data Breach Investigations Report from Verizon found that 94% of eCommerce attacks were the result of malicious emails sent to staff members. Despite this, SmallBizTrends reports that only 31% of employees receive annual cybersecurity training. 

The best firewalls in the world won’t help your company if you don’t account for human error. Make sure your employees know how to identify malware so errant clicks don’t compromise your security.

Secondly, in many industries training, your staff on how to work with the data generated by your eCommerce platform is an integral part of your compliance requirements. Wherever you are, and no matter which industry you are in, these are likely to include the General Data Protection Regulation (GDPR) and/or the California Consumer Privacy Act (CCPA), both of which are difficult to comply with without coordination among staff members.

4 Key Lessons For eCommerce Staff

The training you give to new staff members will depend, to a certain extent, on the specific eCommerce platform(s) that you use, and the products that you sell. However, there are enough similarities between all eCommerce businesses—and between the threats that they face—for a core set of skills to be outlined. Here they are.

1. How To Spot an Attack

You probably hired your new staff members for their soft skills rather than their technical expertise—because they know how to use video marketing rather than write Python. However, it is absolutely critical that all staff members receive training on how to spot phishing emails (as a bare minimum), given just how many cyber-attacks start in this way.

Action Fraud receives more than 400,000 reports of phishing emails each year, and according to the Mimecast’s State of Email Security 2020, 58% of organizations saw phishing attacks increase in the past 12 months.

2. Taking Responsibility for Cybersecurity

Another high-level lesson that should be shared with all staff members is that your company takes cybersecurity seriously and that every staff member has a personal responsibility to ensure the security of their own systems

You will likely already have in place systems to protect your data especially when your staff is working remotely, and this should be explained to new staff members as early as possible. This training will likely include how to use a VPN, making sure that the service is as user-friendly as possible, as well as training on the best way to communicate securely when working remotely.

In practice, this means that employees should be aware of how to choose strong, unique passwords for all of their accounts, and the importance of updating their own software on a regular basis.

3. Safeguarding Financial Data

Staff should also be taught that some types of data are more important than others. Specifically, financial details relating to your business, or to your customers, should be treated with extra care.

Many eCommerce companies, in fact, take the decision to separate their financial systems from their eCommerce platform altogether, or to use more secure payment systems such as bitcoin payment gateways, in order to provide their financial data with an extra level of security. Setting up invoice reminders to automatically email staff members when payment is due, is another thing that many companies today choose to do with the help of modern and easy-to-use apps.

4. Backend Systems

Finally, it can be worth giving new staff members a tour of the backend systems that sit behind the customer-facing platforms they will be using. This can help them to understand the intricacies of these systems, and help them to spot cyber-attacks more easily.

Specifically, the best eCommerce hosting platforms will allow you to see and track hacking attempts on your eCommerce store, and collate this information into monthly reports. Sharing these reports with your staff members—both new and experienced—is a great way of keeping cybersecurity front and center in their minds.

The Bottom Line

If you find yourself in the position of hiring new staff members, well done. Scaling your eCommerce business is crucial for making it a success. However, it also comes with risks. So alongside setting KPIs for your expanding business, make sure you take the opportunity to ensure that your staff is taking cybersecurity as seriously as you are.

Sharing the lessons above can dramatically decrease your vulnerability to cyberattacks, and that can only be a positive benefit for your profits.

---

About the author:

Sam Bocetta is a freelance journalist specializing in U.S. diplomacy and national security, with emphasis on technology trends in cyberwarfare, cyberdefense, and cryptography.