4 B2B eCommerce Security Questions Distributors Should be Able to Answer

March 14, 2019

Category: Best Practices

Data, security, and compliance are some of the most talked about topics for B2B businesses today. Data breaches, hacking, and network failures are things that keep many distributors up at night. However, it’s no longer just your own processes and procedures that you have to worry about. As business continues to grow and more of your customers are placing orders online, you may start to get questions from them about data security and risk of the software you use.

Large B2B buyers are now requiring distributors to make significant investments in data security and adhere to very sophisticated security and compliance processes as part of doing business.

So, whether you are currently supporting large customers on your eCommerce platform, or you are targeting large customers in your sales process, you need to make sure that you, and your eCommerce vendor, have invested in security and are qualified to support these increased security requirements.

When your customers or prospects come to you with questions about security and compliance, you should be able to confidently provide answers that meet and exceed their expectations.

4 B2B eCommerce Security Questions Distributors Should be Able to Answer:

1. How do you maintain a secure network and system?

For questions like this one, you’ll need to know what your eCommerce vendor is doing to protect the network and system from unauthorized access both physically and digitally. There are many steps involved with ensuring networks and systems are secure.

SIEM software is a tool that is used to continually monitor servers and network for unusual or malicious behavior. While a SIEM system isn’t required or completely infallible, your customers are going to be looking for this to see how seriously you take security. In almost real-time, it monitors, aggregates and collects log data and will alert the security team of any incidents or events.

eCommerce vendors that take security seriously understand that security isn’t isolated to networks. An eCommerce vendor can purchase multiple pieces of security software to help audit and prevent security incidents from an employee standpoint. Security software enables employees to practice proper security and protect them and their customers. It also provides security teams visibility into end users’ security practices to make adjustments.

2. How do you help me protect my customer data?

To answer this question, you’ll need to explain things like how your eCommerce vendor’s systems accomplish data encryption, payment processing and what their privacy policy looks like. To reduce risk, and keep your customer’s data safe, eCommerce vendors should have processes and systems in place to ensure this.

An eCommerce vendor should have a strong privacy policy in place that is clear. The privacy policy should explain what type of customer information is collected, why it’s collected and how it’s kept safe. A privacy policy indicates that the eCommerce vendor is transparent with their security and taking steps to ensure data is secure.

Many payment processors quickly encrypt customer data through a process called tokenization. In this process, sensitive credit card information is replaced with a random code called a token. The token lets your customers place orders and re-order knowing that the credit card information isn’t being stored and their privacy is being protected. This protects the data from security breaches and complies with PCI regulations.

3. How do you maintain vulnerability management?

For this question, you’ll need to understand and describe the tools that your eCommerce vendor uses to monitor, prioritize and rectify risks to your data.

Vulnerability management is the process of staying on top of vulnerabilities and security risks to ensure management oversight. Vulnerability management has been mandatory for security teams for a few years. Your customers are going to want to know that you are doing more than just running a quarterly scan or submitting response plans.

Strong vulnerability management includes four high-level processes that include discovery, reporting, prioritization, and response. (Source) These processes scans for threats and vulnerabilities both internally and externally which then alert the eCommerce vendor to any vulnerabilities that need to be patched. After, patches and remediation take place to fix the vulnerabilities.

4. What investments have you made in security?

In almost all cases, you will have to provide your customers with evidence of your compliance with established and emerging security standards, each of which involves significant investments from the vendor. Your eCommerce vendors should be able to show that good data protection is an integral part of running their business. It’s important to ensure that they are complying with federal and global rules and regulations.

A few examples of these security standards include PCI certification for handling credit card transactions, SOC 2 for storing customer data, GDPR for data privacy processes in the EU as well as California, and EU/Swiss Privacy Shield for handling data of customers in Europe. These certifications are highly involved and expensive to comply with.

In today’s day and age, data and security go hand in hand. You have a responsibility to protect your customers’ data. A B2B eCommerce partner that takes security as seriously as you will help instill confidence in your customers. Four51 understands that security and compliance are critical to your success.