15 October 2019

5 easy steps to better security

Hi there and welcome back to another safe and secure edition of the Hussey Coding blog.

Today we're going to be looking at some helpful hints and tips to help you make your business more secure. Please feel free to leave a comment on your experience with some of these things and to let us know your favourite security tip. Please bear in mind that these are not the only things you can do to help secure your store or business but rather a good foundation to begin your cybersecurity journey.
In this blog, we will look at:

 - 1. Get your foundations in place

 - 2. Staying up to date

 - 3. Return to sender, address unknown

 - 4. Shhhh, it's a secret

 - 5. Under lock and key

#1 - Get your foundation in place

You can't build a house without a good, strong foundation, and if your foundations fail then your house will fall down. The same is true here: make sure that the computers you use to access your administration panel are secure, because having the best Magento security in the world will not help you if your computers have no security at all.

Make sure you update them with all the relevant security updates you need and keep your antivirus software up to date. Only allow access to people who need to use them, and delete users who aren't part of your company any more from the computers (and from the administration panel, for that matter). Never open anything suspicious, be it an email or a download. If it doesn't look safe then leave it be!

#2 - Stay up to date

Just as you keep your desktop/laptop security, OS and antivirus up to date, you need to keep your Magento store up to date. Magento is constantly being updated and improved by teams of skilled developers, and this includes, but is not exclusive to, fixes for any vulnerabilities that may be found within the Magento platform.

Once a vulnerability is found, Magento will typically create a patch that will be part of the next version update. That makes it of the utmost importance that you A) keep up to date with all the Magento news and B) install all the latest versions, especially since running older patches can make your store vulnerable to new threats.

Not sure you have the latest version of Magento? Follow this link to the Tech resources page to find out - https://magento.com/technical-resources

If for some reason you can't download the latest version of Magento then it's equally important that you download and install the latest security patches or, alternatively, speak with your developer/dev team. If you don't have one and need one then head on over to Developerconnection.co.uk.

Remember that this practice applies not only to Magento but to all other software that you have installed on your server. Again, having the most updated Magento store is great but pointless if everything else is weak and vulnerable. It is also very important to remember that all official support from Adobe has now ended for M1 users, so if you haven't begun your migration to M2 we highly recommend you do that as soon as possible.

#3 - Return to sender, address unknown! 

Your administration panel is the heart of everything you do to your Magento store. It's where you can see, edit and manage everything you need to create the perfect store for you and your customers, and so it must have great security built around it.

By default, your administration panel's URL will look something like this


This is really easy for hackers to find and access and is highly susceptible to brute force attacks (an attack where automated software bombards your site trying to guess your username and password at incredible speeds to gain access). What you want to do is limit the point of entry by changing the admin panel's URL to something more secure, so secure that, in theory, you wouldn't be able to find it unless you knew exactly where to look.

There is an option to change your admin panel's URL using the admin panel itself, and there are many "how-to" guides out there showing you how to do it. However, we came across several issues when trying this method and it never worked for us.

But never fear, as there are other methods. The easiest one, and the one we would recommend, is asking your developer to change your admin URL in the environment configuration file. It's simple and fast to do.

If you do choose to change it from the admin panel yourself then we wish you luck and advise that you put your developer on speed dial just in case.
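As an added example (not from the original post or from Magento): a small Python check your developer could run against the environment configuration file to see whether the admin path is still a guessable one. It assumes Magento 2, where that file is app/etc/env.php, the path is the backend `frontName`, and it is changed with `bin/magento setup:config:set --backend-frontname`; the sample file contents, the `GUESSABLE` list and the function names are constructed for illustration.

```python
import re
import secrets

# Constructed sample of a Magento 2 app/etc/env.php (not from a real store).
SAMPLE_ENV_PHP = """<?php
return [
    'backend' => [
        'frontName' => 'admin'
    ],
];
"""

# Illustrative list of well-known admin paths (an assumption, not exhaustive).
GUESSABLE = {"admin", "administrator", "backend", "manage", "login", "cp", "panel"}

# Matches 'backend' => [ 'frontName' => '<value>' ] in short or array() syntax.
FRONTNAME_RE = re.compile(
    r"""['"]backend['"]\s*=>\s*(?:\[|array\s*\()\s*"""
    r"""['"]frontName['"]\s*=>\s*['"]([^'"]+)['"]"""
)

def admin_front_name(env_php_text):
    """Return the configured admin path segment, or None if it is not set."""
    match = FRONTNAME_RE.search(env_php_text)
    return match.group(1) if match else None

def is_guessable(front_name):
    """True when the admin path is missing, a well-known word, or very short."""
    if not front_name:
        return True
    name = front_name.lower()
    return name in GUESSABLE or len(name) < 8

def suggest_front_name():
    """Random path segment; the 12 hex characters carry the unpredictability."""
    return "admin_" + secrets.token_hex(6)

def audit(env_php_text):
    """Return (current_name, needs_change, command for your developer or None)."""
    current = admin_front_name(env_php_text)
    if not is_guessable(current):
        return current, False, None
    cmd = f'bin/magento setup:config:set --backend-frontname="{suggest_front_name()}"'
    return current, True, cmd

if __name__ == "__main__":
    print(audit(SAMPLE_ENV_PHP))
```

A hidden admin path only cuts down automated guessing of the login page; the password advice in the next tip still applies to every admin account.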

#4 - Shhhh, it's a secret! 

Passwords! Good, strong passwords!

I know, super obvious, right? You hear people go on about this over and over and over again but the reason for that is because people keep using bad passwords!

Passwords that contain things that are easy to guess, like your pet's name or the year you were born, are not good passwords at all. Another common mistake is creating a great password and then using it for everything, meaning that once a hacker has your Facebook password they now have access to your store.

If you are reading this and nervously giggling because you know you fit into one of these 2 categories then please go and change your passwords now!

Not sure what you should change it to or what a strong password should include? Again, don't worry, when you're done reading this blog we have another one that covers this very issue - creating-stronger-passwords


#5 - Under lock and key

Get a padlock, literally!

Encryption, that's what we are talking about here. An HTTPS/SSL certificate will help to protect private information your customers send to you during transfer. It's important to note here that HTTPS/SSL only protects the data while it is being transported; once the data is with you, you need to secure it.

The way it works is that HTTPS/SSL will scramble the data during transfer and then unscramble it when it's delivered. That little padlock is the symbol your customers will be looking for and is the universal sign that you take security seriously.

Since 2017, Google has flagged any website that does not hold an HTTPS/SSL certificate as "NOT SECURE". That is not something you want your customers seeing!

Great, so how do you get one? Follow this link to "How to experts" page on how to get yourself set up with a shiny new encrypted padlock


Hopefully, you have found these first 5 hints and tips helpful. "Wait, first 5?" I hear you ask. Yes, in the coming days we will be releasing another blog with another 5 hints and tips to help you secure your store, along with a few extra things in between.
Do remember that having the best security in the world does not make you immune to cyberattacks. However, it will help you reduce the damage and even stop an attacker in such an event. These are 5 quick and easy things that you can do right now to help defend against attack, so what are you waiting for?

