Press Release

Tips for cybersecurity when buying and selling online

The EU Agency for Cybersecurity has developed 10 tips for SMEs and citizens to stay secure when buying and selling online.

Published on March 31, 2020

The Covid-19 outbreak has led to an increase in e-commerce as people look online to shop for anything from books to groceries. A positive side to this is the growth in digital transformation, particularly of small businesses, which need to have an online presence to survive.

SMEs make up 99% of European businesses, and while 77% of SMEs have a website, only 17% are selling online (Digital Economy and Society Index (DESI) 2019). At the same time, 41% of Europeans are concerned about the security of online payments (Eurobarometer Europeans’ attitudes towards cyber security – January 2020).

SMEs set up online businesses because their survival depends on it. Citizens buy online because they want to protect their safety. Both the SME and the consumer are looking to fulfil their needs quickly, and they often don’t want to implement lengthy cybersecurity solutions. To assist, the EU Agency for Cybersecurity has developed 10 tips for SMEs and citizens to stay secure when buying and selling online.


For citizens: Cyber secure buying online

  1. Secure connection: Pay attention to the security seal of each website that you are browsing by looking for the presence of the little green padlock in the address bar. This means in general that your connection is established over a secure channel.  
  2. Look out for Covid-19 phishing emails and fake websites: There has been an increase in the registration of domains that contain the word ‘Corona’, which are used by cyber criminals to offer scams. Be suspicious of any emails asking you to check or renew your credentials, even if they seem to come from a trusted source. In all cases, try to verify the authenticity of the request through other means, and do not click on suspicious links or open any suspicious attachments. Watch out for emails purporting to be an invoice for a purchase that was in fact not made.
  3. Payment fraud: Check your online accounts and your bank statements regularly and report any suspicious activity to your bank. If you think you have been a victim of an attack, contact your bank. If possible, activate two-factor authentication for payments.
  4. Updated systems: Make sure your system (operating system and the applications used) is up to date, and ensure your antivirus and antimalware are installed and fully updated.
  5. Protect your privacy: Think twice when asked for data and read privacy policies. If you need to set up an account with a supplier, use strong passwords that cannot easily be predicted and use a password manager. Avoid sharing personal information with persons you do not know on social media. Consider using privacy tools, such as anti-tracking and secure messaging tools, for your online and mobile protection.


For SMEs: Cyber secure online selling

  1. Secure your website for customers: It’s vital you have the right security to protect both your enterprise and your customers, for example use HTTPS connections and enable two-factor authentication where possible. Additionally, it’s important to test the security of the website and ensure adequate support for customers in case of problems.
  2. Protect your assets: Much like any other business asset, information needs to be strategically managed and protected. Information security is the protection of information within a business, including the systems and hardware used to store, process and transmit this information. Make sure a security policy is in place, together with all necessary technical and organisational security measures.
  3. Store passwords securely: If customers need to create accounts to buy from your website, then make sure all passwords are stored securely. Make sure your client data is protected according to the rules of the industry. Where possible, make sure sensitive data is not readable; solutions such as keyed or salted hashes could be applied.
  4. Ensure compliance with data protection requirements: When processing personal data of customers, make sure that you comply with the legal framework on data protection. Visit your national Data Protection Authority’s website for further information.
  5. Monitor and prevent incidents: Have a security incident response policy in place and make sure that measures are taken for the prevention, monitoring and response to security incidents, including personal data breaches.

