E-Comm Leaders Must Treat Security and Compliance as Top Priorities

September 12, 2022 | Oro Team

A version of this article has been published in E-Commerce Times, contributed by Yoav Kutner, CEO and Co-Founder of Oro Inc.

In eCommerce, many view digital security and regulatory compliance as a necessary evil. Of course, robust security infrastructure is crucial, but most companies don’t want to spend too much time on these issues.

But eCommerce security isn’t something that organizations can overlook, neglect, or simply outsource, as two of the IT security industry’s leading figures, NSA alum Jeff Man and veteran white-hat security pro Joseph Kirkpatrick, stated in the recent episode of the B2B Commerce Uncut podcast.

It’s time for company stakeholders to step up and start taking ownership of their business’s security.

Security vs. Compliance

Regulations are always reactive. They’re based on past errors and missteps — but can’t do much to protect you against future cybersecurity threats. That’s why treating regulatory compliance as a core goal can lead to challenges.

“To me, compliance is just a reflection of security. They’re kind of one in the same thing,” explains Man. “Compliance is really just a measuring stick — a way to evaluate or assess how well you’re doing.”

Simply checking off the compliance rules only gets you so far. “[Security] is about the unknown — the things we couldn’t have planned for,” Kirkpatrick explains. You should be committed to staying ahead of the curve to face the cybersecurity threats of tomorrow.

The Limits of Outsourcing

In the era of SaaS and public clouds, third-party providers have become a go-to solution for cybersecurity needs.

With Amazon or Google’s cloud infrastructure, eCommerce founders might assume their security needs are covered. But that’s only partly true.

Often, major security software providers offer a full range of security features, but they’re available as add-ons that are turned on only when you specifically request them.

For many companies, contracting a third-party provider means handing responsibility for their cybersecurity over to that provider. This approach can backfire if you fail to communicate with and check up on your new partner. For example, it can lead to situations where key security features are never turned on, or where certain datasets or sections of your operations are excluded from the coverage.

“You just can’t not be responsible for something that’s so critical to the success of your business,” Kirkpatrick says. “You have to be ever vigilant, and you have to always be pursuing it.”

The bottom line is that eCommerce founders need to take responsibility for supervising their company’s security efforts. It’s not just something that can be delegated away. Make sure to be up to speed with your security service providers and consultants. Approaching cybersecurity as an ongoing process will help protect your data, your operations, and your customers.
