Online store. Safety for owners
In the previous article, we talked about how an online store user can protect himself when buying goods on the worldwide network. We hope that our advice turned out to be useful for you, dear readers. Today we will talk about the specifics of ensuring security from the stores themselves - which is especially important, to which we should pay close attention. Go!
1. Always use SSL certificates and keep a close eye on PCI compliance. Recall that PCI DSS is a data security standard for the bank card industry. Indeed, who needs a nightmare with identity theft? “Your customers trust you and hold you responsible for the security of the transactions you have made on your site,” explains the need for SSL certification Jeff Chandler, marketing director at DigiCert. It can be said, the minimum that an online store must comply with, claiming to be safe and secure.
')
2. Do not store data of your customers, especially when it comes to credit card numbers, CVV2 numbers and expiration dates of cards, especially since PCI standards do not allow this. Information security experts say that such records should be regularly removed. Save only the data you need to process returns for purchased goods. When collecting customer data for marketing activities, remember that you should not keep all your eggs in one basket - delete (do not accumulate) information that could potentially be of interest to attackers.
3. Build the security of your store in several levels. Allen Grayson, Symantec's Internet security engineer, argues that a multi-layered security system can be a serious obstacle for a cybercriminal. “Start with a firewall that prevents an attacker from gaining access to your network, then add security layers to contact forms, login passwords, and search queries. This will protect your store from application-level attacks, ”says Allen.
4. Be sure to protect the store from DDoS attacks using cloud services. Repeat, be sure! Such attacks over time become more frequent and sophisticated, and then cloud services can come in handy, cutting off unwanted traffic. High-end clouds offer managed DNS services, making the store more secure from DDoS attacks.
5. Regularly update the software and put security patches on your system. Both WordPress and Magento platforms are updated, as well as Perl, Java and Python, and such updates should not be neglected, and there is no reason to delay their introduction after the release. “Using outdated software and code versions is one of the key vulnerabilities of online stores.”, Says Susan Watkins, chief strategist at searchengineoptimisation.org.za.
The tips in this article are not a panacea for all cyber threats, but this is the minimum that will help your store with the typical threats on the Web. Just accept the fact that ensuring the safety of your online store is not a project, but rather a process that should be developed and improved in this direction all the time. The realization that you are ready for unpleasant surprises, armed with effective and relevant tools to counter them, will help you grow your business more confidently and faster.
Based on Sitepoint materials.
1. Always use SSL certificates and keep a close eye on PCI compliance. Recall that PCI DSS is a data security standard for the bank card industry. Indeed, who needs a nightmare with identity theft? “Your customers trust you and hold you responsible for the security of the transactions you have made on your site,” explains the need for SSL certification Jeff Chandler, marketing director at DigiCert. It can be said, the minimum that an online store must comply with, claiming to be safe and secure.
')
2. Do not store data of your customers, especially when it comes to credit card numbers, CVV2 numbers and expiration dates of cards, especially since PCI standards do not allow this. Information security experts say that such records should be regularly removed. Save only the data you need to process returns for purchased goods. When collecting customer data for marketing activities, remember that you should not keep all your eggs in one basket - delete (do not accumulate) information that could potentially be of interest to attackers.
3. Build the security of your store in several levels. Allen Grayson, Symantec's Internet security engineer, argues that a multi-layered security system can be a serious obstacle for a cybercriminal. “Start with a firewall that prevents an attacker from gaining access to your network, then add security layers to contact forms, login passwords, and search queries. This will protect your store from application-level attacks, ”says Allen.
4. Be sure to protect the store from DDoS attacks using cloud services. Repeat, be sure! Such attacks over time become more frequent and sophisticated, and then cloud services can come in handy, cutting off unwanted traffic. High-end clouds offer managed DNS services, making the store more secure from DDoS attacks.
5. Regularly update the software and put security patches on your system. Both WordPress and Magento platforms are updated, as well as Perl, Java and Python, and such updates should not be neglected, and there is no reason to delay their introduction after the release. “Using outdated software and code versions is one of the key vulnerabilities of online stores.”, Says Susan Watkins, chief strategist at searchengineoptimisation.org.za.
The tips in this article are not a panacea for all cyber threats, but this is the minimum that will help your store with the typical threats on the Web. Just accept the fact that ensuring the safety of your online store is not a project, but rather a process that should be developed and improved in this direction all the time. The realization that you are ready for unpleasant surprises, armed with effective and relevant tools to counter them, will help you grow your business more confidently and faster.
Based on Sitepoint materials.
Source: https://habr.com/ru/post/254873/
All Articles