17 October 2019

Another 5 tips to secure your store

Hi there and welcome back to another of our Hussey Coding blogs. Today we continue our look into cybersecurity with another helping of hints and tips that you can act on right now to help secure your Magento store. So what are you waiting for?

In this blog we will look at
 - 1. K.O. the F.T.P.
 - 2. Check the oil
 - 3. Who knows what?
 - 4. Practice, practice, practice
 - 5. I have a cunning plan!

#1 - K.O. the F.T.P.
If you are using FTP then it is our strong recommendation that you stop!
Instead, enable SSH on your server, which in turn allows you to use SFTP, giving you a much better and more secure way of transferring your files. FTP sends passwords and files unencrypted, and a common way for hackers to gain access to online stores is by going after FTP passwords. Remember to also remove access for anyone who no longer needs it, such as old employees or third-party companies, as leftover accounts are a great way of allowing unwelcome access.

Getting yourself set up with SSH on Linux is easy, as it's part of the package. If you are using Windows, follow this link to the "How to use PuTTY on Windows" guide by SSH.com, or if you are using macOS check out SSH.com's guide for you here.
Or you can ask your development team to do it for you. Don't have one? info@husseycoding.co.uk
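
A quick way to check both points on a Linux server, as an added example that is not part of the original post: it flags a listener on FTP's default port 21 and lists accounts that still have a login shell but are not on your approved list. The `ss -tln` and `/etc/passwd` samples are constructed, and the account names and the approved list are hypothetical.

```python
# Added example: audit for a leftover FTP listener and stale login accounts.

# Constructed sample of `ss -tln` output (not from a real server).
SS_OUTPUT = """\
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       128     0.0.0.0:22          0.0.0.0:*
LISTEN  0       32      0.0.0.0:21          0.0.0.0:*
LISTEN  0       511     [::]:443            [::]:*
"""

# Constructed /etc/passwd excerpt with hypothetical account names.
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
alice:x:1001:1001:Alice:/home/alice:/bin/bash
old-agency:x:1002:1002:Former agency:/home/old-agency:/bin/bash
deploy:x:1003:1003::/home/deploy:/bin/sh
"""

# Shells that prevent an interactive login.
NO_LOGIN_SHELLS = {"/usr/sbin/nologin", "/sbin/nologin", "/bin/false"}


def listening_ports(ss_output):
    """Return the set of TCP ports in LISTEN state from `ss -tln` output."""
    ports = set()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) >= 4 and fields[0] == "LISTEN":
            # The port follows the last colon, which also handles [::]:443.
            ports.add(int(fields[3].rsplit(":", 1)[1]))
    return ports


def ftp_still_listening(ss_output):
    """True if something listens on 21, the default FTP control port."""
    return 21 in listening_ports(ss_output)


def stale_login_accounts(passwd_text, approved):
    """Accounts with a login shell that are not on the approved list."""
    stale = []
    for line in passwd_text.splitlines():
        parts = line.split(":")
        if len(parts) != 7:
            continue  # skip malformed or blank lines
        name, shell = parts[0], parts[6]
        if shell not in NO_LOGIN_SHELLS and name not in approved:
            stale.append(name)
    return stale
```

On a real server, feed the functions the output of `ss -tln` and the contents of `/etc/passwd`; an FTP daemon moved to a non-default port will not be caught by the port 21 check.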

#2 - Check the oil.
In the same way that you check the oil and water levels in your car, every now and then go over your settings, change your passwords and review who has access to what. You'll be amazed when you remember how much you forgot.
Ask your dev team to analyse your store for any vulnerabilities. If they don't find anything, great; if they do, get it fixed.
If you are using Magento extensions, do bear in mind that they may not be updated often, creating an opportunity for hackers until a patch or update is released, so keep an eye on your extensions. Using popular extensions is a great way to combat this, as they will traditionally receive good support and more regular updates. Ask yourself questions like "Do I need this extension?", "Is it still useful to my company?" and "Is there another extension out there now that can do the job of multiple extensions I have running at the moment?".

#3 - Who knows what?
OK, so your computer is up to date, your Magento store is up to date, even all of your extensions are up to date. What about your staff?
You may have heard of the term social engineering. This is where an attacker manipulates individuals into unknowingly releasing confidential data, which is then used for illegal purposes.
Put another way, your bank just e-mailed your accounts department asking them to verify some details, otherwise there may be issues with payments further down the line. They even provided a handy link to follow, and it looks legitimate. Once there, all they need to do is confirm your company's address, credit card number, email address, all the sorts of things your bank would need to know. A few months later, when you decide to "check the oil", you notice a steady stream of money has been leaving your company and is now missing. No one can seem to track it down, and after you spend more money hiring a team to find the root of the problem you discover that your whole company has been breached and that you need to fire Susie from accounting, who's been with you for nearly 20 years.

A huge number of companies spend all their cybersecurity budget on teams and software, which is great, but considering that one of the greatest risks to your security is social engineering, you are going to need to invest some of that budget in training all of your staff in cybersecurity.
Training staff to identify fraudulent emails, insecure websites and the general social engineering methods used by attackers could save your company, your reputation, your stock, your finances and Susie's job!

#4 - Practice, practice, practice.
This might seem like an odd one but it's really effective: don't just tell your staff about cybercrime, let them experience it in a controlled environment.
Send out some emails with a fake link in them and see who opens them, or if you have an IT department ask them to simulate a cyberattack and see how your staff respond. Simulated attacks really help to show vulnerabilities in your security, give you and your staff real-time experience of the stress-filled, chaotic nature of an attack, and give everyone involved an opportunity to learn, adapt and better prepare for the real thing.

Simulated attacks also shift your company's thinking from a reactionary mindset to a proactive one. What's that saying about the best defence being a strong offence? Thinking about what attackers might target and how they might attempt to infiltrate your business leaves you better prepared than just dealing with an attack that has already happened or that you have heard about.

#5 - I have a cunning plan!
Form a response plan and have one in place from day 1. There's an old saying that goes "it is far better to have and not need than to need and not have".

There are various ways that you can be attacked, some of which we have covered in our previous blog 6 CYBERATTACKS THAT WILL DESTROY YOUR BUSINESS. Some are very obvious and some are not.
In the event that you think you are under attack, or have been the victim of a cyberattack, we strongly recommend you contact your developer/development team right away. If you have gone without a regular team to keep costs down, then now is the time to pay out for one, as they will be able to identify the origin, type and extent of the attack and take steps to prevent further damage and repair the damage caused. As always you can contact us here on info@husseycoding.co.uk to take advantage of a decade's worth of experience using and developing the Magento platform.
Want some more pointers on what should be in a cunning response plan? Never fear, Hussey Coding is here! We have a whole blog dedicated to this very issue coming soon.

With all of these things in place you are well on your way to having formidable security. Do remember that these are not the only things that can be done, but a basic list of things that YOU can do to help secure your store! Also bear in mind that having the best security in the world doesn't guarantee that you will not become the target of an attack, nor does it guarantee that an attacker won't get through, but having these things in place does help prevent losses to both you and your customers.

If you missed our first 5 tips to securing your store, follow this link to read them now: 5 EASY STEPS TO BETTER SECURITY
Thank you for taking the time to read this post, we hope it's helpful in keeping your online store secure and attack free. As always, should you wish to contact us here at Hussey Coding then our details are below and don't forget to go and sign up now to www.developerconnection.co.uk to take advantage of our 50% off launch discount. Until next time, stay safe and have a great day.

Want to contact Hussey Coding? Here's how:
You can mail us at info@husseycoding.co.uk
Visit our website at www.husseycoding.co.uk

Or join in all the fun on our social media profiles
Facebook - facebook.com/husseycoding
Twitter - twitter.com/husseycoding
LinkedIn - linkedin.com/company/hussey-coding
We look forward to hearing from you soon.
