Another month, another episode of the Official Plesk Podcast: Next Level Ops! In this episode, we have Chris Teitzel, the Founder of Lockr.io. Chris is a cybersecurity expert, and we’re going to get pretty deep on the importance of security when it comes to your eCommerce store, and how you can reduce liability while focusing on what you do best: running your business.
In This Episode: Security, SSL, and PCI Compliance
Chris has quite a résumé. On top of running a cybersecurity agency, offering a product that touts some of the highest-level security available, and teaching people about how to secure their websites, he also sits on the Data Privacy and Integrity Advisory Committee (DPIAC) for the Department of Homeland Security.
As Chris mentions in the episode, every decision they make there, which affects privacy and security for larger organizations, trickles down to small businesses:
All of the policies and all of the procedures and everything that we talk about at scale apply to even the smallest companies. But the hardest part about being a small online retailer is that you don’t have the bandwidth to go and do that.
So while those large organizations have the money and team to implement these regulations and mitigate liability, most of us don’t. What can we do? Luckily, there are a lot of great tools out there to help small business owners do the same thing without the mounds of money.
The first is using an established payment gateway like Stripe or Square to process payments. You don’t need to become a merchant and accept the legal liability of taking credit cards anymore. Within a few minutes, you can set up a Stripe account and be ready to go.
The second is SSL certificates through Let’s Encrypt. If you’re accepting payments, you need to use HTTPS, and that requires an SSL certificate (or more accurately, as we discuss in the episode, a TLS certificate). With Let’s Encrypt you can get a free certificate that is just as good as the paid ones, as far as security goes.
These 2 services will allow you to accept payments online without the need for millions of dollars to be compliant.
- SSL stands for Secure Sockets Layer, and it allows you to send secure data over the internet. As Chris puts it, “[SSL] allows 2 parties to connect and talk over a secure pipeline,” which establishes, “trust in an untrusted environment.”
- SSL certificates protect against “Man in the Middle” attacks, in which a bad actor attempts to intercept data as it’s sent from a computer to your website.
- Let’s Encrypt is quickly becoming the go-to for many people to implement SSL on their site. It’s free and offered by most hosting companies, meaning no website has an excuse not to use it.
- Using managed hosting for your WordPress or WooCommerce site also helps keep your site secure. This allows you to focus on what you do best, because that’s where you’ll make money.
- Anyone accepting credit cards needs to be PCI compliant. This is a global standard set by the major credit card companies to ensure data security when processing credit card transactions. Luckily today, we have Stripe and Square, who take on the compliance and the liability that goes with it.
The Official Plesk Podcast: Next Level Ops Featuring
Joe is a college-accredited course developer and podcast consultant. You can find him at Casabona.org.
Chris is the Founder of Lockr.io.
Did you know we’re also on Spotify and Apple Podcasts? In fact, you can find us pretty much anywhere you get your daily dose of podcasts. As always, remember to update your daily podcast playlist with Next Level Ops. And stay on the lookout for our next episode!