The growth of eCommerce businesses and online transactions have become an integral part of our lives even more so during COVID-19, but also to the growing acceptance of eCommerce as a convenient alternative to the brick and mortar stores.
All eCommerce sites are attractive targets to hackers due to the immense personal and payment information stored on the site. Ecommerce websites hold a lot of data about their customers — and that makes business owners (small or large) a target. According to a 2018–19 Global Information Security Survey from EY, “customer information is the number one most valuable data category for attackers. Coming in at number five are customer passwords”.
It’s crucial for hosting providers and system integrators, as ourselves, to maintain a secure environment at all times for our customers.
Nevertheless, certain best practices can be implemented to safeguard the integrity of your online store and LeanSwift is here to help keep your online store hosted and maintained in a secure environment; along with an implemented, robust plan of action in the event if a security breach occurs.
How LeanSwift can Improve the Security of your Magento Installation?
LeanSwift certified consultants (system integrators) follow a strict adherence to the software development life cycle in accordance with industry standards such as the The Open Web Application Security Project and continuously test for security issues as well staying up-to date on eCommerce security and compliance best practices (not all are listed):
Server Environment
- Magento includes
.htaccessfiles to protect system files when using the Apache web server. - Limiting access to
cron.phpfile to only required users - Using and securing communications protocol (SSH/SFTP/HTTPS) to manage files, and disable FTP
- Using a unique, custom Admin URL instead of the default “admin” or the often-used “backend,” Although it will not directly protect your site from a determined attacker, it can reduce exposure to scripts that try to break into every Magento site.
Server Applications
- Keeping software up-to date and apply patches when needed
- Avoiding running other software on the same Magento server
- Use the latest version of Magento to ensure that your installation includes the most recent security enhancements
- Use the correct file permissions. Core Magento and directory files should be set to ready only, including
app/etc/local.xmlfiles. - Ensuring the server and database are automatically backed up to external location. A typical setup requires daily incremental backups, with a full backup on a weekly basis.
Don’t leave your data security to chance. Contact us today to learn more about protecting your most vital data!