LeanSwift eCommerce: Security & Compliance

eCommerce businesses and online transactions have become an integral part of our lives, even more so during COVID-19, and this growth also reflects the increasing acceptance of eCommerce as a convenient alternative to brick-and-mortar stores.

All eCommerce sites are attractive targets for hackers because of the large amount of personal and payment information stored on them. eCommerce websites hold a lot of data about their customers, and that makes business owners (small or large) a target. According to a 2018–19 Global Information Security Survey from EY, “customer information is the number one most valuable data category for attackers. Coming in at number five are customer passwords”.

It’s crucial for hosting providers and system integrators, such as ourselves, to maintain a secure environment at all times for our customers.

Certain best practices can be implemented to safeguard the integrity of your online store, and LeanSwift is here to help keep your online store hosted and maintained in a secure environment, along with a robust plan of action in place in the event that a security breach occurs.

How Can LeanSwift Improve the Security of Your Magento Installation?

LeanSwift certified consultants (system integrators) strictly adhere to the software development life cycle in accordance with industry standards such as the Open Web Application Security Project (OWASP). They continuously test for security issues and stay up to date on eCommerce security and compliance best practices, including the following (not all are listed):

Server Environment

  • Magento includes .htaccess files to protect system files when using the Apache web server.
  • Limiting access to the cron.php file to only the required users
  • Using secure communications protocols (SSH/SFTP/HTTPS) to manage files, and disabling FTP
  • Using a unique, custom Admin URL instead of the default “admin” or the often-used “backend.” Although it will not directly protect your site from a determined attacker, it can reduce exposure to scripts that try to break into every Magento site.

Server Applications

  • Keeping software up to date and applying patches when needed
  • Avoiding running other software on the same Magento server
  • Using the latest version of Magento to ensure that your installation includes the most recent security enhancements
  • Using the correct file permissions. Core Magento and directory files should be set to read-only, including app/etc/local.xml files.
  • Ensuring the server and database are automatically backed up to an external location. A typical setup requires daily incremental backups, with a full backup on a weekly basis.
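
The file-permission item above can be checked mechanically. The following script is an added example, not LeanSwift's or Magento's own code; the function names, the MAGENTO_ROOT variable and the skipped var/ and media/ directories are assumptions for illustration.

```shell
#!/bin/sh
# Added example: audit a Magento tree against the read-only file guidance.
# Function names and MAGENTO_ROOT are hypothetical, chosen for this sketch.

# List regular files under the root that still carry any write bit.
# Assumption: var/ and media/ are skipped because Magento writes to them
# at runtime; adjust the pruned paths to your layout.
list_writable() {
    root=${1%/}
    find "$root" \( -path "$root/var" -o -path "$root/media" \) -prune -o \
        -type f \( -perm -200 -o -perm -020 -o -perm -002 \) -print
}

# Print findings and return 1 if any exist, 0 if the tree is clean.
audit_magento() {
    root=${1%/}
    cfg="$root/app/etc/local.xml"
    findings=0

    writable=$(list_writable "$root")
    if [ -n "$writable" ]; then
        printf '%s\n' "$writable" | sed 's/^/WRITABLE /'
        findings=1
    fi

    # Stricter than the guidance above: local.xml holds the database
    # credentials, so also flag it when it is readable by "other".
    if [ -n "$(find "$cfg" -perm -004 -print 2>/dev/null)" ]; then
        echo "WORLD-READABLE $cfg"
        findings=1
    fi

    return "$findings"
}

# Stand-alone use: MAGENTO_ROOT=/path/to/magento sh audit.sh
if [ -n "${MAGENTO_ROOT:-}" ]; then
    audit_magento "$MAGENTO_ROOT"
fi
```

A non-zero exit status makes the script usable as a deployment gate or a scheduled check.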

 

Don’t leave your data security to chance. Contact us today to learn more about protecting your most vital data!
