Hiscox surveyed over 5,400 small, medium and large businesses across the US, UK, Belgium, France, Germany, Spain and the Netherlands to compile this report.
The BBC reported that UK businesses have seen a sharp increase in cyber attacks in 2019, with 55% (up from 40% last year) reporting that they had faced an attack so far this year. A recent cyber readiness report from insurance firm Hiscox revealed that the figure increased to more than three out of five firms (61%) across the seven EU countries surveyed, up from 45% in the same report in 2018. The report also disclosed that the average losses from cyber breaches soared from $229,000 to $369,000, i.e. an increase of about 61%. In more bad news for UK firms, the research highlights that British firms had the lowest cyber security budgets, spending less than $900,000 on average compared with $1.46m across the group.
Our Magento Security Recommendations
- Use captcha: Captcha placed on sign-up, login, forgot password and submit review forms helps prevent security breaches.
- Do not set 777 permissions on folders or files unnecessarily.
- Open files: Any open/raw Magento/WordPress site in the root can be a cause for concern. It is important to keep a check on this.
- Give permissions to the var, generated, pub and app/etc folders wisely.
- If you are a multi-vendor marketplace, make sure you have a strong data protection policy.
- Use custom path for Admin panel: It is obvious for hackers to access admin via my-site.com/admin. If you change /admin with a custom term, this no longer remains obvious. It is easy to change the admin path by editing the local.xml file in Magento 1 and env.php file in Magento 2.
- Make use of strong passwords: A strong password that is a mix of numbers, symbols, capital letters and lower-case letters helps in better security.
- Use 2FA: Two-Factor Authentication on Magento allows only trusted devices to access the backend. This is necessary as just setting a password which is strong is not enough.
- Use the latest Magento version: Magento usually fixes security issues in new releases, hence it is important to stay up to date with the latest Magento versions. Once a stable release comes, it is the right time to implement it.
- Acquire an encrypted connection (SSL/HTTPS): In Magento this takes a single step, checking the “Use Secure URLs” tab in the system configuration menu. It helps make your site compliant with the PCI data security standard and secures your online transactions.
- Have an active backup plan: Timely back-ups are always handy in case of any issues. A plan in place helps add to security.
- Use Secure FTP: Interception of FTP passwords is the most common way used by hackers. Use of a Secured File Transfer Protocol helps prevent this.
- Disable directory indexing: This prevents hackers from accessing core magento files.
- Invest in a sound hosting plan: Even though shared hosting comes at a comparatively lower price, the associated risk is much higher. Choose wisely.
- Append a Security Key to Magento Admin Panel: It is easy to append a security key to URLs in the Magento 2 ecommerce platform and it safely keeps hackers at bay.
- Prevent MySQL injection: Even though Magento offers support to guard against MySQL injection attacks in the latest versions, it is always better to add web application firewalls for better security.
- Magento security review: It is always better to take professional help to review the security of your eCommerce site.
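The 777 and var/generated/pub/app/etc items above can be checked with a read-only audit. The script below is an added example, not part of the original recommendations; its function names and the choice to flag a world-readable app/etc/env.php are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original page): read-only permission audit
# for a Magento 2 tree. Nothing is changed on disk.

# Directories the list above says need carefully chosen permissions.
MAGENTO_WRITABLE_DIRS="var generated pub app/etc"

# Print every file or directory under $1 that is world-writable
# (mode bit o+w, which covers 777 and 666).
find_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print 2>/dev/null | sort
}

# Print "<mode> <dir>" for each of the four directories that exists,
# so their current modes can be reviewed by eye.
show_writable_dir_modes() {
    for d in $MAGENTO_WRITABLE_DIRS; do
        [ -d "$1/$d" ] && ls -ld "$1/$d" | awk -v p="$d" '{print $1, p}'
    done
    return 0
}

# Print app/etc/env.php if "other" users can read it. Treating that as a
# finding is this example's assumption: the file holds DB credentials.
find_exposed_env() {
    f="$1/app/etc/env.php"
    [ -f "$f" ] && find "$f" -perm -0004 -print
    return 0
}

# Run all checks. Findings and directory modes go to stderr;
# the number of findings goes to stdout (0 means clean).
audit_magento_perms() {
    findings=$( { find_world_writable "$1"; find_exposed_env "$1"; } | sort -u )
    [ -n "$findings" ] && printf '%s\n' "$findings" >&2
    show_writable_dir_modes "$1" >&2
    if [ -z "$findings" ]; then
        echo 0
    else
        printf '%s\n' "$findings" | wc -l | tr -d ' '
    fi
}

# Usage: sh audit.sh /path/to/magento   (the path is the caller's choice)
if [ "$#" -gt 0 ]; then audit_magento_perms "$1"; fi
```

A non-zero count is a prompt to review each listed path, not proof of compromise; run it as a user who can read the whole tree so nothing is skipped.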
The Magento community cares about security, and Magento is generally considered a robust eCommerce development platform. We can carry out a security review of your Magento Store for you and implement general best practices. Get in touch today.