Cybersecurity Awareness Month: Establishing a Strong Security Culture

Believe it or not, 24% of all cyberattacks are targeted against retailers.

And if that number doesn’t get your attention, The State of Ransomware in Retail 2022 found that retail had the highest rate of ransomware attacks in 2022 out of all surveyed sectors. 

Needless to say, cybersecurity is no small issue in the world of ecommerce — which is why, for the month of October, BigCommerce has been participating in Cybersecurity Awareness Month.

Since 2004, the President and Congress have declared October as Cybersecurity Awareness Month, “helping individuals protect themselves online, as threats to technology and confidential data become more commonplace.” 

Partnering with our very own cybersecurity team, we’ve put together a toolkit of content, including blogs, podcast episodes and videos to help keep you and your customers safe. 

See Yourself in Cyber

This year, the theme of Cybersecurity Awareness Month was “See Yourself in Cyber” — which highlights that, while cybersecurity may seem like a complex subject, at the end of the day, it’s all about people. No matter what role you hold in your organization, everyone has a part to play in protecting your business’s online information and privacy.

So, BigCommerce focused on the “people” part of cybersecurity. With insights from our very own BigCommerce security thought leaders, our goal was to empower merchants with strategies on how to establish a strong security culture within their organization.

In case you missed them, here’s an overview of the topics we covered:

Fostering Strong Relationships Between Security Teams and Partner Organizations

According to a Forrester Consulting study on the relationship between IT, security and development teams, 52% of developers believe that security policies are a barrier to innovation — which goes to show that there’s often a gap in collaboration between security teams and developers.

So, for this conversation, Airon White, Manager of Product Marketing at BigCommerce, sat down with BigCommerce’s VP of Cybersecurity, Dan Holden, to discuss the importance of developing strong relationships between security teams and partner organizations. 

Make It Big Podcast: How to Guide Internal Teams to be Security Champions

One of the biggest challenges internal and external security teams face is getting along with their IT or engineering teams, since security teams tend to be viewed as blockers. To help our merchants overcome this tension, we wanted to explore how ecommerce security teams can work side-by-side with software engineers and other internal teammates to create an environment that allows their businesses to thrive in security.

For this Make It Big Podcast episode, Francis Dong, BigCommerce’s Senior Security Application Engineer based in Australia, breaks down how to safeguard your business by inspiring internal teams to become security champions. 

Top Tips to Improve Cybersecurity

Ultimately, the goal of our Cybersecurity Awareness Month series is to equip our merchants with the tools to protect their businesses and their customers — which is why we sat down with our very own BigCommerce cybersecurity team to lay out the top tips for keeping your online store secure.

Answering some of the top cybersecurity questions from prospects and merchants, our cybersecurity experts provided four key takeaways for ecommerce merchants:

Enable two-factor authentication.

 Unlike two-step verification, which simply authenticates one single authentication factor twice, two-factor authentication involves verifying two different factors of authentication.

Use optimized one-page checkout.

“This provides higher security features such as credit card fields, additional fraud protection and bot detection to prevent malicious actors from abusing your payment processor,” says Adam Dyche, Senior Application Security Engineer.

Enable extreme options within your BigCommerce Control Panel.

In addition, enable your site’s security headers to force HTTPS connections.

Use canary tokens.

This will keep you alerted to potential site cloning via a honeypot. For more information about how to use canary tokens, speak with your BigCommerce web developers.

Also, subscribe to the BigCommerce Engineering blog, where we’ll be sharing even more content from our cybersecurity team throughout the rest of the year.

The Final Word

As we’ve demonstrated this month, safeguarding your ecommerce business requires two important steps: 

1. Connect: Establish strong relationships between security teams and partner organizations, and encourage people in your organization to work side-by-side — not head-to-head. 

2. Protect: Protect your organization through security best practices, such as multi-factor authentication, secure site licenses and trusted apps. 

Of course, even though October is the official Cybersecurity Awareness Month, cybersecurity matters all year long, so this information is always relevant. 

Using these meaningful tips and strategies from our very own BigCommerce security thought leaders, you and your team will be well on your way to making a difference in each other’s lives and the lives of your customers.