E-commerce website security with Lori McDonald


Jeremy Cherny Podcast

Jeremy Cherny interviews Lori McDonald, President and CEO of Brilliance Business Solutions

“I started my career at NASA Johnson Space Center as a flight controller for the space shuttle program where I met my husband. He went on to work for Rockwell Automation and got a promotion that brought us to Milwaukee. I was trying to figure out what was as cool as space and decided the internet looked like a cool place to be. So I started Brilliance Business Solutions, a web development company with a niche in helping manufacturers and distributors implement digital commerce solutions, in 1998. Just this year we made the Inc. 5000 list.”

Why is security so important and how does that show up in your business?

We help companies to sell products online. So the solutions we build have to be secure. For customers to choose to work with us, they have to have confidence that we’re helping them to build secure solutions. We have to give good advice to customers about how they go about the process of doing that, and by providing secure digital solutions, our clients give their end customers the confidence to do business with them online. So for us, it’s really just a necessity in the work we do.

How do you guys stay on top of all the latest security threats?

It is something that you constantly have to work to stay on top of. So in terms of e-commerce security, one aspect is something called PCI compliance, or the payment card industry. They have a set of standards that you have to meet in order to be able to accept credit cards. It has a series of steps that you have to take in terms of scanning sites, ensuring that your sites are meeting and passing those scans. Those processes end up being very educational. The reality is the threats are constantly changing, and you have to stay on top of aligning yourselves with other vendors in the market, software platforms that are actively working to keep their platforms secure and minimize the vulnerabilities that may exist. So training on what those platforms are doing. We are also clients of Gartner research. So we attend events that talk about best practices with respect to what’s happening in digital commerce and security.

What is something people can do to protect their websites from being attacked?

One of the things that you want to ensure that you’re doing is to stay on the latest version of whatever software you’re running and to ensure you’re applying any patches that may be available from a security perspective. A lot of companies we work with don’t always stay on the latest version, it might not be feasible. But to be aware of how long it’s been since your last upgrade, and what vulnerabilities exist in the application to be keeping a really close eye on that – it will depend on what platform you’re on – but that’s one of the most likely ways that people get hacked. Just ensuring that attention is being paid is a huge thing. When you allow your platform to be out of date, especially if it’s no longer supported, that’s where you can really get into trouble.

What do you see as the future of information security, especially for e-commerce websites?

Personal data privacy is growing in importance. I’ve been talking a lot about credit card data, but personal data is extremely important. We work with a fair amount of customers who are doing business globally. GDPR is something that comes up, which stands for General Data Protection Regulation. It’s a European standard that is required to meet for EU citizens, which we can have EU citizens in the US as well, and maintains rules around how we need to enable people to ask for what data that we have on file for them, ask people to be able to remove their data and give them choices about how their data is being used. California has its guideline around data privacy as well. And I think we’re going to be seeing more rules, requirements and regulations around data privacy, especially as we all gain awareness of how our data is being used.