Another day, another hack. Just announced – another major data leak and this time by the IRS!
Security isn’t the sexiest topic in online commerce but it’s one of the most important in managing an online store. Customers trust us to keep their personal information safe and secure. Security is more than just putting a picture of a lock icon on the checkout – it’s about putting practices and procedures into place to ensure that your customers’ data stays out of the wrong hands!
Here are some practical steps you can take to be security conscious:
Use an online PCI compliance scanner such as products by Comodo or Verisign
These scans happen around the clock and catch when you’ve put bad practices into place. Your systems integrator can then act on those alerts to keep you safe and up to date.
Never write down credit card information
It’s inevitable that you’ll come into contact with a credit card number. Knowing how to safely handle card numbers is key to your customers’ security. Read up on PCI compliance procedures to learn more.
Limit the number of employees who have access to the credit card data
Not every person in your organization needs to have access to customer information. Identify the key people in your team who should have access and update their job descriptions to explicitly say so. It’s important to provide proper training. This brings us to our last point.
Put a comprehensive IT security policy into place
By writing and reviewing your current procedures, you will undoubtedly learn about the dangers that lurk on the internet! Templates for such policy documents can be found online at pcisecuritystandards.org. Take time to review your policy document quarterly and update it as you make changes to your business, personnel, or infrastructure.
Sadly, even if you do all of the above you can still be susceptible. Subscribe to Magento’s email newsletter to stay up to date on security alerts as they happen!
When a security patch is released, how do you know if the patch has been applied? There’s an app for that! Our lead Magento developer Phillip Jackson (@philwinkle) recently released a Magento plugin that shows all applied patches conveniently from within the Magento admin panel. You can download and install it here or, if you’re part of our Interactive Managed Services group, just ask us to do it for you.
Have questions? We’re here to help you [secure] something!