With online businesses facing continual security threats, and with compliance requirements for personal data changing as the General Data Protection Regulation (GDPR) is enforced from the 25th of May, it is more important than ever that ecommerce merchants understand their role in securing their customer data.
At Williams Commerce, we’ve been working continuously to ensure that, as a business, we provide our customers with the level of confidence they need when it comes to security. In addition to being ISO 9001 certified, as well as passing our Cyber Essentials and Cyber Essentials Plus certifications, our Cyber Security team is constantly on the lookout for potential threats, and over the years we’ve helped many customers with their online security problems.
GDPR brings in a number of process changes, but in this blog we want to provide some critical security recommendations that can help you enhance the security of your ecommerce site.
Keep your website updated
Whether you need to apply the latest Magento security patch or WordPress update, keeping your website regularly updated is crucial when it comes to its security, as well as its functionality. Make sure to respond to alerts in your admin panels and keep an eye on Magento security patches and WordPress updates.
The same applies to any modules you run on these platforms and to 3rd party patches for them – don’t forget to keep these up to date too.
For Magento merchants
If you have a Magento ecommerce store, there are additional steps you can take to enhance the security of your website:
- Use Magento’s security scan tool.
- Implement 2-factor authentication for Magento admin.
- Set the lifetime of your passwords to 90 days or less, so that they are updated regularly.
- Check who has admin access, scan your website, and ensure that all system file permissions are set according to the corresponding Magento permission guidance.
For WordPress users
If you’ve opted for a WooCommerce store, WordPress brochure site or maybe you have a WordPress blog integrated with your main site, then, in addition to keeping your main site updated, you should also look to isolate the WordPress components onto a separate hosting environment for additional security.
At Williams, we have a partnership, for our customers’ benefit, with Foregenix, who are global cyber security experts. We look to work closely with them to make sure we are at the bleeding edge of threats and best practices, industry-wide.
You can take your cyber security to the next level with the help of Foregenix and their advanced tools, which actively monitor traffic and site hosting security and can help you identify and prevent potential breaches before they do any real damage.
Why you should take cyber security seriously
In today’s changing online environment, there can be significant negative consequences to not having a secure ecommerce store, and as new threats appear constantly, cyber security measures have to evolve as well. It is key to make sure that you meet your data protection requirements and any compliance obligations, for example PCI DSS, and that you provide a secure environment in which your customers can use your site.
More than once we’ve been contacted by ecommerce businesses who didn’t apply the right security measures to their websites and, as a result, experienced loss of customer data, hacks and other security issues. With GDPR around the corner, this can mean not only much heftier fines, but also loss of customer trust and long-lasting brand damage.
If you need to patch your website or need help when it comes to cyber security, get in touch with our team of experts today.