Cybersecurity and the small online merchant – a checklist starter

Excerpt from a recent answer to a Quora question about cybersecurity. Useful starting checklist. I would love to hear your comments!

  • Your internal security controls. Do you force admin users to use secure passwords and change them often? Do you run background checks on, and monitor usage by, your employees or ANYONE to whom you give access to your admin panel or server? Do you check for intrusions? Does your customer service team have ENFORCED policies against writing down credit card numbers or other sensitive information?
  • Have you locked down potential entry vectors? Do all of your forms protect against SQL or other code injections? Have you shut down FTP and closed other insecure or unused ports that are often open by default?
  • Are you using security audit tools? If you use Magento, Cadence Labs has a good security audit, Razoyo offers one as part of a technical site audit, and MageReports has an automated tool. There are similar scans and tools available for WordPress.
  • Do you use a reputable integration for your payment gateway? Magento has a core implementation for PayPal, Braintree, Authorize.Net and so forth. Unless you have an expert security developer on staff, you should avoid homegrown payment gateway implementations.
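
For the second item, a quick way to see whether FTP or similar services are still listening on a server you administer. This is an added example, not part of the original Quora answer; the port watch list and the function names `check_port` and `audit` are assumptions chosen for illustration.

```python
import socket

# Assumed watch list (not from the original post): cleartext or
# back-office services a web store rarely needs to expose publicly.
RISKY_PORTS = {21: "FTP", 23: "Telnet", 110: "POP3", 143: "IMAP", 3306: "MySQL"}


def check_port(host, port, timeout=1.0):
    """Return (is_open, banner) for one TCP port on a host you administer."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as conn:
            conn.settimeout(timeout)
            try:
                # Many legacy services (FTP, POP3) greet first; the banner
                # confirms what is really listening behind the port.
                banner = conn.recv(128).decode("ascii", "replace").strip()
            except OSError:
                banner = ""  # port is open but the service did not greet
            return True, banner
    except OSError:
        # Refused, filtered or timed out: nothing reachable on this port.
        return False, ""


def audit(host, ports=RISKY_PORTS, timeout=1.0):
    """List every watched port that accepts connections on the host."""
    findings = []
    for port, name in sorted(ports.items()):
        is_open, banner = check_port(host, port, timeout)
        if is_open:
            findings.append({"port": port, "service": name, "banner": banner})
    return findings


if __name__ == "__main__":
    import sys

    # Defaults to the local machine; pass your own server's address instead.
    host = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    results = audit(host)
    for f in results:
        print(f"OPEN {f['port']}/tcp ({f['service']}) banner={f['banner']!r}")
    if not results:
        print("No watched ports are accepting connections.")
```

Run it from outside your network as well as from the server itself: a port that is open locally but unreachable from outside is firewalled, while one reachable from both needs the service disabled or restricted.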

About the Author:

Paul is the President of Razoyo and a veteran of ecommerce having been a merchant, consultant and developer.

Razoyo is an ecommerce consultancy and Magento Certified Developer serving the needs of small and medium-sized web stores. We help online merchants to create, manage, maintain and update their stores, and to solve both business and technology problems.