15 October 2019

5 easy steps to better security

Hi there and welcome back to another safe and secure edition of the Hussey Coding blog.

Today we're going to be looking at some helpful hints and tips to help you make your business more secure. Please feel free to leave a comment on your experience with some of these things and to let us know your favourite security tip. Please bear in mind that these are not the only things you can do to help secure your store or business but rather a good foundation to begin your cybersecurity journey.

In this blog we will look at
 - 1. Get your foundations in place
 - 2. Staying up to date
 - 3. Return to sender, address unknown
 - 4. Shhhh, it's a secret
 - 5. Under lock and key

#1 - Get your foundation in place
You can't build a house without a good, strong foundation; if your foundations fail, your house will fall down. The same is true here: make sure that the computers you use to access your administration panel are secure. Having the best Magento security in the world won't help you if your computers have no security at all.
Make sure you update them with all the relevant security you need, keep your antivirus software up to date, and only allow access to people who need to use them. Delete users who aren't part of your company any more from the computers (and from the administration panel, for that matter), and don't open anything suspicious, be it an email or a download. If it doesn't look safe then leave it be!

#2 - Stay up to date
Just like keeping your desktop/laptop security, OS and antivirus up to date the same is true of your Magento store. Magento is constantly being updated and improved by teams of skilled developers and this includes, but is not exclusive to, any vulnerabilities that may be found within the Magento platform.
Once found Magento will typically create a patch that will be part of the next version update, making it of the utmost importance that you A) keep up to date with all the Magento news and B) install all the latest versions, especially since running older patches can now make your store vulnerable to new threats.
Not sure you have the latest version of Magento? Follow this link to the Tech resources page to find out - https://magento.com/technical-resources

If for some reason you can't download the latest version of Magento then it's equally important that you download and install the latest security patches or alternatively speak with your developer/dev team. If you don't have one and need one then Hussey Coding are always here to help you out, just contact us at info@husseycoding.co.uk

Remember this practice not only applies to Magento but to all other software that you have installed on your server. Again, having the most updated Magento store is great but pointless if everything else is weak and vulnerable. It is also very important to remember that in June of 2020 all official Magento support will be ending for M1 users, so if you haven't begun your migration to M2 we highly recommend you start sooner rather than later.

#3 - Return to sender, address unknown! 
Your administration panel is at the heart of everything your Magento store is, it’s where you can see, edit and manage everything you need to create the perfect store for you and your customers and so it is vital that it has great security built around it.

By default your administration panel's URL will look something like this

This is really easy for hackers to find and access and is highly susceptible to brute force attacks (an attack where automated software bombards your site trying to guess your username and password at incredible speeds to gain access), so what you want to do is limit the point of entry by changing the admin panel's URL to something more secure, so secure that in theory you wouldn't be able to find it unless you knew exactly where to look.
There is an option to change your admin panel's URL using the admin panel itself and there are a number of "how to" guides out there showing you how to do it. However, we came across a number of issues when trying this method and it never worked for us.
But never fear as there are other methods, the easiest one and the one we would recommend is asking your developer to change your admin URL in the environment configuration file, it's simple and fast to do.
If you do choose to change it from the admin panel yourself then we wish you luck and advise that you put your developer on speed dial just in case.
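Here is one way your developer could check the current admin path before changing it. This is an added example, not Hussey Coding's own code: it assumes the "environment configuration file" is Magento 2's app/etc/env.php, where the admin path is stored under `'backend' => ['frontName' => ...]`, and the sample file, function names, list of guessable names and 12-character threshold are all made up for illustration.

```shell
#!/usr/bin/env bash
# Audit the admin frontName in a Magento 2 env.php (assumed file, see lead-in).

# Constructed sample of the relevant part of env.php (not from a real store).
sample_env() {
cat <<'EOF'
<?php
return [
    'backend' => [
        'frontName' => 'admin'
    ],
    'crypt' => [
        'key' => 'CONSTRUCTED-PLACEHOLDER'
    ]
];
EOF
}

# Print the first frontName value found in env.php content read from stdin.
frontname_of() {
    sed -n "s/.*'frontName'[[:space:]]*=>[[:space:]]*'\([^']*\)'.*/\1/p" | head -n 1
}

# Succeed (status 0) if the name is a commonly guessed path or under 12 characters.
is_guessable() {
    case "$1" in
        admin|backend|administrator|manage|control|login|adminpanel) return 0 ;;
    esac
    [ "${#1}" -lt 12 ]
}

# Build a replacement: "admin_" plus 16 hex characters from the kernel RNG.
new_frontname() {
    printf 'admin_%s\n' "$(head -c 8 /dev/urandom | od -An -tx1 | tr -d ' \n')"
}

# Read env.php content from stdin and report "WEAK <name>" or "OK <name>".
audit() {
    name=$(frontname_of)
    if is_guessable "$name"; then echo "WEAK $name"; else echo "OK $name"; fi
}

sample_env | audit   # prints: WEAK admin
# To apply a new value on a real store (a job for your developer):
#   bin/magento setup:config:set --backend-frontname="$(new_frontname)"
```

On a real store, run `audit < app/etc/env.php` from the Magento root. A hidden admin path only cuts down on automated guessing, so it still needs the strong password from tip #4 behind it.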

#4 - Shhhh, it's a secret!
Passwords! Good, strong passwords!
I know, super obvious right? You hear people go on about this over and over and over, but the reason for that is that people are still using really bad passwords! Things that are easy to guess like their pet's name or the year they were born. The other common mistake is having a really good password but using it for everything, meaning that once a hacker has your Facebook password, they now have access to your store as well.
If you are reading this and nervously giggling because you know you fit into one of these 2 categories then please go and change your passwords now!
Not sure what you should change it to or what a strong password should include? Again, don't worry, there is a whole Hussey Coding blog dedicated to this coming soon!

#5 - Under lock and key
Get a padlock, literally! 

Encryption, that's what we are talking about here. An HTTPS/SSL certificate will help to protect private information your customers send to you during transfer. It's important to note here that HTTPS/SSL just transports the data, once the data is with you, you need to secure it.
The way it works is that HTTPS/SSL will scramble the data during transfer and then unscramble it when it's delivered. That little padlock is the symbol your customers will be looking for and is the universal sign that you take security seriously.
Not only that but as of 2017, Google will flag any website that does not hold an HTTPS/SSL certificate as "NOT SECURE", that is not something you want your customers seeing!
Great, so how do you get one? Follow this link to "How to experts" page on how to get yourself set up with a shiny new encrypted padlock

Hopefully you have found these first 5 hints and tips helpful, "Wait? first 5?" I hear you ask, yes, in the coming days we will be releasing another blog with another 5 hints and tips to help you secure your store along with a few extra things in between.
Do remember that having the best security in the world does not make you immune to a cyberattack but it will help you reduce the damage and even stop an attacker in such an event. These are 5 quick and easy things that you can do right now to help defend against attack, so what are you waiting for?

Thank you for your time today, we hope that you will help support the work of Hussey Coding by heading to our various social media profiles, details below, and hitting those likes, hearts, thumbs up and follow buttons!
Once you've done that don't forget that if you are a Magento developer or a client needing work done on your Magento platform then get on over to www.developerconnection.co.uk NOW to take full advantage of our launch discount of 50% off!
Until next time stay safe and have a great day

Want to contact Hussey Coding? Here's how
You can mail us at info@husseycoding.co.uk
Visit our website at www.husseycoding.co.uk

Or join in all the fun on our social media profiles
Facebook - facebook.com/husseycoding
Twitter - twitter.com/husseycoding
LinkedIn - linkedin.com/company/hussey-coding
We look forward to hearing from you soon.
