Charles Martey is the Systems Integration Director at Above The Fray.
Cybercrimes are on the rise and like all ecommerce platforms, Magento websites are a prime target due to the personal and private nature of customer data kept on file. As most business owners are well aware, the impact of a security breach can destroy the reputation of an ecommerce business and devastate a company financially. Luckily, Magento merchants don’t have to go it alone. The Magento Security Model Magento takes a shared responsibility approach, meaning that the merchant isn’t solely responsible for security of the system. Magento provides security of the Magento Commerce cloud, the core application code, and the internal systems. AWS provides network security. Magento customers, or their Magento Certified agency partners, are responsible for their customized instance. What exactly does that mean and what steps should you take to lock down your ecommerce site? We’ve put together a step-by-step guide. 7 Steps to Lock Down Your Ecommerce Site- Choose a reliable hosting provider You want to look for a hosting provider that has a good reputation and provides comprehensive security as part of their plan. This is one of the reasons we work closely with Webscale as security has always been a focus of their cloud delivery platform.
- Use an SSL Purchasing, installing, and enabling an SSL for your Magento store is an easy step to take to ensure that all data including customer credit card information is transferred securely from server to website and cannot be intercepted by hackers.
- Upgrade to the latest Magento Version The most recent version of Magento often includes performance improvements, code enhancements, and even new features. It will also include all previous security patches and any new security updates. When you upgrade to the latest Magento version, you know you have the most secure version available.
- Stay up to date with Magento security patches Between version releases, Magento also releases security patches which are fixes for any security loopholes that have been identified. It’s important to stay on top of these because once these patches are released, cyber criminals use that information for targeted attacks on merchants who haven’t yet installed the latest security patches. A Ponemon Institute study found that 60% of organizations that suffered a data breach stated it was due to a known unpatched security issue. Webscale performs “virtual patching” for its customers, using its Web Controls to provide immediate protection against new vulnerabilities, until you are ready to install the official updates.
- Use two-factor authentication Two-factor authentication for your website admin adds an added layer of security and eliminates the risk of a hacker guessing your password. This built-in Magento functionality is easy to enable and requires the user logging in to input a code sent to their mobile device after inputting the correct password.
- Add a security extension The best Magento security extensions really depend on your business needs. There are a number of free and paid security extensions available that serve a variety of different functions from preventing brute force attacks to tracking admin activity.
- Test proactively Conducting vulnerability scans and proactive penetration testing can help you identify weak spots in your site’s armor before a hacker does. Pentesting is one of the most underutilized security strategies. Preventative measures alone can fail to give you the full picture of your site’s vulnerabilities - pentesting really allows you to identify weaknesses and shore them up before they become a problem.
