What security steps should I take for a clone site?

I’ve set up a clone site on another url. I basically just transferred the entire site vie FTP and the database(minus the cache tables content). Since the site I copied was a fully functional Drupal merchant site, what steps do I need to take to insure security of possibly sensitive information? Is everything fine as long as I don’t take in any private information on the clone site? Do I need to have an SSL Certificate? Do I need to delete any specific information from the Database? If so, what?