eCommerce Security: 5 Tips to Protect Your Business

By: Benjamin Hosack at Foregenix

Most organizations consider security, but the impact of a breach is often underestimated. The result of a data breach can range from irritating to catastrophic for the victim business. If you want to protect your online business, here are our Top 5 steps to significantly reduce your risk and improve your security posture:

1. Keep your software up to date.
Software security updates are frequent, and it is essential to deploy them quickly. By the time an update is released it usually fixes a vulnerability that is already public and often already being exploited against other users of that software, and attackers scan for unpatched versions soon after a disclosure. To avoid becoming a victim, subscribe to your platform's security advisories and upgrade promptly. If you need more protection while you are testing an upgrade, a well-configured Web Application Firewall can block known exploit attempts in the meantime, but treat it as a stopgap rather than a substitute for patching.

2. Create a custom admin path.
Attackers often use automated tools that look for standard configurations (for example the default admin URL of your platform) and then run brute-force attacks on username/password combinations against whatever they find. By changing your admin path you take your site out of that automated sweep: scanners hitting the default path get a 404 and move on, and anyone who does reach your login page has had to work for it. Treat this as a noise-reduction measure rather than a control in its own right: the path can leak through links, redirects or error messages, so pair it with rate limiting or lockout on the login form, restrict admin access to known IP addresses where you can, and keep the strong authentication from point 3.
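To show what the renamed path buys you in practice, here is an added example (written for this article, not code from the author or Foregenix) that reads web server access logs in the common combined format and separates scanners probing default admin URLs from real brute-force attempts against your actual login path. The log lines, the admin path /s3cr3t-backoffice/login, the list of default paths, and the assumption that the application answers a failed login with 401 and a successful one with 302 are all constructed for the example.

```python
import re
from collections import defaultdict

# Combined log format: ip ident user [time] "METHOD path PROTO" status size "referer" "agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)

# Default admin URLs that automated scanners try first (assumed list; extend it
# with the defaults of your own platform).
PROBE_PATHS = {
    "/admin", "/admin/", "/administrator", "/index.php/admin",
    "/wp-login.php", "/wp-admin/", "/user/login",
}

# Constructed sample traffic (not real log data): one scanner walking default
# admin paths, one legitimate admin login, one password-guessing run that
# eventually succeeds against the renamed login path.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /admin HTTP/1.1" 404 153 "-" "python-requests/2.31"
203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /wp-login.php HTTP/1.1" 404 153 "-" "python-requests/2.31"
203.0.113.7 - - [10/Oct/2023:13:55:37 +0000] "GET /administrator HTTP/1.1" 404 153 "-" "python-requests/2.31"
203.0.113.7 - - [10/Oct/2023:13:55:37 +0000] "GET /index.php/admin HTTP/1.1" 404 153 "-" "python-requests/2.31"
192.0.2.5 - - [10/Oct/2023:14:00:10 +0000] "GET /catalog/product/42 HTTP/1.1" 200 8813 "-" "Mozilla/5.0"
192.0.2.5 - - [10/Oct/2023:14:00:41 +0000] "POST /s3cr3t-backoffice/login HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.9 - - [10/Oct/2023:14:02:01 +0000] "POST /s3cr3t-backoffice/login HTTP/1.1" 401 0 "-" "Mozilla/5.0"
198.51.100.9 - - [10/Oct/2023:14:02:02 +0000] "POST /s3cr3t-backoffice/login HTTP/1.1" 401 0 "-" "Mozilla/5.0"
198.51.100.9 - - [10/Oct/2023:14:02:03 +0000] "POST /s3cr3t-backoffice/login HTTP/1.1" 401 0 "-" "Mozilla/5.0"
198.51.100.9 - - [10/Oct/2023:14:02:04 +0000] "POST /s3cr3t-backoffice/login HTTP/1.1" 401 0 "-" "Mozilla/5.0"
198.51.100.9 - - [10/Oct/2023:14:02:05 +0000] "POST /s3cr3t-backoffice/login HTTP/1.1" 401 0 "-" "Mozilla/5.0"
198.51.100.9 - - [10/Oct/2023:14:02:06 +0000] "POST /s3cr3t-backoffice/login HTTP/1.1" 401 0 "-" "Mozilla/5.0"
198.51.100.9 - - [10/Oct/2023:14:02:07 +0000] "POST /s3cr3t-backoffice/login HTTP/1.1" 302 0 "-" "Mozilla/5.0"
"""


def parse_line(line):
    """Return the fields we need from one access-log line, or None if it does not parse."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    rec["path"] = rec["path"].split("?", 1)[0]  # ignore query strings
    return rec


def analyze(log_text, login_path, fail_threshold=5, probe_threshold=3):
    """Flag IPs sweeping default admin paths and IPs brute-forcing the real login.

    Assumption for this example: a failed login on login_path returns 401 (or 403)
    and a successful one redirects with 302. Adjust to your application's behaviour.
    """
    probes = defaultdict(set)     # ip -> distinct default admin paths requested
    failures = defaultdict(int)   # ip -> failed POSTs to the real login path
    success_after_failures = []   # ips that logged in after crossing the threshold
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if rec["path"] in PROBE_PATHS:
            probes[rec["ip"]].add(rec["path"])
        if rec["path"] == login_path and rec["method"] == "POST":
            if rec["status"] in (401, 403):
                failures[rec["ip"]] += 1
            elif rec["status"] == 302 and failures[rec["ip"]] >= fail_threshold:
                success_after_failures.append(rec["ip"])
    return {
        "probing_ips": {ip: sorted(p) for ip, p in probes.items() if len(p) >= probe_threshold},
        "brute_force_ips": {ip: n for ip, n in failures.items() if n >= fail_threshold},
        "success_after_failures": success_after_failures,
    }


if __name__ == "__main__":
    for key, value in analyze(SAMPLE_LOG, "/s3cr3t-backoffice/login").items():
        print(f"{key}: {value}")
```

The point to read from the output is the split: the scanner never touches the real login path, while the guessing run against it is visible only because failed POSTs to that path are counted. Feed brute_force_ips into a block list or lockout, and treat anything in success_after_failures as an incident to investigate, not a metric.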

3. Use strong, unique passwords AND do not share accounts.
Create a very strong, unique password for your admin interface, and use a password manager so that managing long, random passwords is easy rather than a chore. Stronger still than a username and password alone is two-factor authentication (2FA). Excellent solutions are available across the major eCommerce platforms that add 2FA quickly, easily and cost-effectively. Do not share accounts: give each user their own account with only the access their role needs, so that every admin action in your logs can be attributed to a named person and a departing employee's access can be revoked without resetting everyone's credentials.

4. Detect website malware.
Malware (malicious software) is the general term for software used for criminal activity. Of all the websites we assist following a breach, over 90% had malware introduced into the site to:

– Provide a back door for later access.
– Load remotely hosted card skimming malware.
– Provide interactive access for the attackers.
– Credit card skimming – like Magecart and many others. 
– Steal personal data.
– All of the above…

The eCommerce ThreatScape is constantly evolving and new malware appears daily, so we highly recommend monitoring your website for the latest threats targeting eCommerce. This can be done simply and quickly.

5. Monitor your website’s security.
Once you have the basics in place (points 1-3 above), move into a monitoring cycle in which you check the vital signs of your website for signs of threat or vulnerability: for example, unexpected changes to files in the web root and to the scripts loaded on your checkout pages, new or modified admin accounts, spikes in failed logins, and the software versions you are running against published advisories. Daily monitoring of these key data points is the recommended minimum, so that an injected skimmer is caught within a day rather than months later.
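For points 4 and 5 together, here is an added example (written for this article; it is not Foregenix's monitoring product or any code from the author) of the simplest useful website vital sign: a daily file-integrity check of the web root that reports added, removed and modified files, then applies a few indicator rules to whatever changed. The web root layout, the indicator regexes, the directories treated as static and the "compromise" it simulates are all constructed for the example; the regexes are heuristics that need a human look, not proof of malware.

```python
import hashlib
import os
import re
import shutil
import tempfile

# Indicator rules for code patterns common in web shells and injected skimmers
# (assumed heuristics: legitimate code can match, so every hit needs a human look).
SUSPICIOUS = {
    "php-eval-of-decoded-payload": re.compile(rb"eval\s*\(\s*(base64_decode|gzinflate|str_rot13)"),
    "php-request-param-as-function": re.compile(rb"\$_(GET|POST|REQUEST|COOKIE)\[[^\]]+\]\s*\("),
    "js-eval-of-decoded-payload": re.compile(rb"eval\s*\(\s*(atob|unescape|String\.fromCharCode)"),
}
# Directories that should only ever hold static content; a code file there is a red flag.
STATIC_DIRS = ("media/", "pub/media/", "uploads/")
CODE_EXT = (".php", ".phtml", ".js")


def snapshot(root):
    """Map every file under root (relative POSIX path) to its SHA-256 hex digest."""
    digests = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            with open(full, "rb") as f:
                digests[rel] = hashlib.sha256(f.read()).hexdigest()
    return digests


def diff_snapshots(baseline, current):
    """Classify the differences between two snapshots."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(p for p in baseline.keys() & current.keys()
                           if baseline[p] != current[p]),
    }


def inspect(root, paths):
    """Apply the indicator rules to the given (changed) files; return (path, rule) hits."""
    hits = []
    for rel in paths:
        if rel.startswith(STATIC_DIRS) and rel.endswith(CODE_EXT):
            hits.append((rel, "code-file-in-static-dir"))
        with open(os.path.join(root, rel), "rb") as f:
            data = f.read()
        for rule, pattern in SUSPICIOUS.items():
            if pattern.search(data):
                hits.append((rel, rule))
    return hits


def write_file(root, rel, content):
    full = os.path.join(root, rel)
    os.makedirs(os.path.dirname(full), exist_ok=True)
    with open(full, "w") as f:
        f.write(content)


def demo():
    """Build a constructed web root, baseline it, simulate a compromise, and report."""
    root = tempfile.mkdtemp(prefix="webroot-")
    try:
        write_file(root, "index.php", "<?php require 'app/bootstrap.php';\n")
        write_file(root, "static/js/checkout.js", "function pay() { submitOrder(); }\n")
        write_file(root, "media/logo.png", "not really a png\n")
        baseline = snapshot(root)   # in real use: stored off-box after each deployment

        # Simulated compromise (constructed, not a real sample): an obfuscated
        # loader appended to the checkout script and a web shell dropped in media/.
        with open(os.path.join(root, "static/js/checkout.js"), "a") as f:
            f.write("eval(atob('ZG9jdW1lbnQuZm9ybXM='));\n")
        write_file(root, "media/cache.php", "<?php eval(base64_decode($_POST['x']));\n")

        changes = diff_snapshots(baseline, snapshot(root))
        findings = inspect(root, changes["added"] + changes["modified"])
        return changes, findings
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    changes, findings = demo()
    print("changes:", changes)
    for path, rule in findings:
        print(f"ALERT {path}: {rule}")
```

In practice you would store the baseline somewhere the web server cannot write (a compromised server will happily rewrite a baseline it can reach), take the snapshot from a cron job or your deployment pipeline, and treat a planned deployment as the only legitimate source of "modified" files. Watching the scripts your checkout page actually loads, including third-party ones, needs a separate check that this snapshot does not cover, since a remotely hosted skimmer never touches your file system.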


About the Author
Benj Hosack is a Director and co-Founder of Foregenix Limited. Foregenix is a specialist information security business delivering services in Forensics, PCI DSS, PCI P2PE, PA-DSS and information security solutions within the Payment Card Industry. Our technologies are designed to simplify security and PCI Compliance. Specialties: Cardholder Data Discovery – defining and reducing PCI DSS Scope / PA-DSS / PCI DSS / P2PE / Account Data Compromise Investigations. We are specialists in the Payment Card Industry and work with all types of companies in the payment chain (Acquiring banks, Processors, hosting providers, web designers, merchants, systems integrators etc).