Benjamin Hosack
The eCommerce sector has experienced tremendous growth in recent years, but unfortunately, so has the number of online businesses being hacked. As a forensic investigator and website security solution provider, we've seen an alarming increase in criminals targeting businesses' customer data, including payment card data, names, addresses, and email addresses. This sensitive data is valuable, and it is all that's needed to steal money from those customers.
Most organizations consider security, but the impact of a breach is often underestimated. The result of a data breach can range from irritating to catastrophic for the victim business. If you want to protect your online business, here are our Top 5 steps to significantly improve your risk and security posture:
  1. Keep your software up to date.
Software security updates are frequent, and it is essential to deploy them quickly. When an update is released, it usually addresses a serious issue that has affected users of that software. To avoid becoming a victim, upgrade quickly. If you need more protection while you're figuring out upgrades, use a well-configured Web Application Firewall to protect your website.
  2. Create a custom admin path.
Attackers often use automated techniques that look for standard configurations, then initiate brute force attacks on username/password combinations. If you change your admin path, attackers will need to work much harder to locate your admin page for attack.
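Once the admin path has been moved, requests for the old default locations become a useful signal in their own right. The following is an added example, not part of the original article or of any Foregenix tooling: it reads web server access-log lines and reports clients probing default admin paths and clients sending repeated login POSTs to the custom path. The default path list, the custom path, the threshold and the log lines are all assumptions constructed for illustration.

```python
import re
from collections import Counter

# Assumptions for illustration: common default admin locations, a
# hypothetical custom admin path, and an alerting threshold.
DEFAULT_ADMIN_PATHS = ("/admin", "/wp-login.php", "/administrator")
CUSTOM_ADMIN_PATH = "/shop-console-7f3a"
POST_THRESHOLD = 3  # login POSTs per client in the analysed log slice

# Matches the start of an Apache/nginx "combined" format line.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample log lines (documentation IP ranges).
SAMPLE_LOG = """\
203.0.113.9 - - [10/Mar/2024:10:00:01 +0000] "GET /admin HTTP/1.1" 404 153
203.0.113.9 - - [10/Mar/2024:10:00:01 +0000] "GET /wp-login.php HTTP/1.1" 404 153
203.0.113.9 - - [10/Mar/2024:10:00:02 +0000] "GET /administrator/ HTTP/1.1" 404 153
198.51.100.7 - - [10/Mar/2024:10:05:10 +0000] "POST /shop-console-7f3a HTTP/1.1" 200 4120
198.51.100.7 - - [10/Mar/2024:10:05:11 +0000] "POST /shop-console-7f3a HTTP/1.1" 200 4120
198.51.100.7 - - [10/Mar/2024:10:05:12 +0000] "POST /shop-console-7f3a HTTP/1.1" 200 4120
198.51.100.7 - - [10/Mar/2024:10:05:13 +0000] "POST /shop-console-7f3a HTTP/1.1" 200 4120
192.0.2.44 - - [10/Mar/2024:10:09:00 +0000] "POST /shop-console-7f3a HTTP/1.1" 302 0
192.0.2.44 - - [10/Mar/2024:10:09:01 +0000] "GET /index.php HTTP/1.1" 200 9001
"""

def analyse(log_text):
    """Return (probes, brute): per-IP counts of 404s on default admin
    paths, and IPs at or above POST_THRESHOLD login POSTs."""
    probes, login_posts = Counter(), Counter()
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        # Normalise: drop the query string and any trailing slash.
        path = m["path"].split("?", 1)[0].rstrip("/") or "/"
        if path in DEFAULT_ADMIN_PATHS and m["status"] == "404":
            probes[m["ip"]] += 1
        elif path == CUSTOM_ADMIN_PATH and m["method"] == "POST":
            login_posts[m["ip"]] += 1
    brute = {ip: n for ip, n in login_posts.items() if n >= POST_THRESHOLD}
    return dict(probes), brute

if __name__ == "__main__":
    print(analyse(SAMPLE_LOG))
```

The sketch counts over the whole input; in practice, feed it one time window of log data at a time so that the threshold means "attempts per window".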
  3. Use strong, unique passwords AND do not share accounts.
Create a very strong, complex, unique password to access your admin interface. We recommend using a password manager to make your password management significantly easier. Even better than a username/password alone is to use two-factor authentication. There are excellent solutions available across various platforms that enable two-factor authentication quickly, easily and cost-effectively. Do not share accounts: give each user their own account and appropriate access.
  4. Detect website malware.
Malware is a term for various software used for criminal activity (malicious software). Of all the websites we assist following a breach, over 90% had website malware introduced into their website to:

- Provide a back door for later access.
- Load remotely hosted card skimming malware.
- Provide interactive access for the attackers.
- Skim credit cards, as Magecart and many others do.
- Steal personal data.
- All of the above…
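One of the behaviours listed above, loading remotely hosted skimming code, leaves a visible trace in the page itself: a script tag pointing at a host you never approved. The following is an added example, not part of the original article and not how ThreatView works: it lists script hosts in a page's HTML that are missing from an allowlist. The allowlist, host names and HTML are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hypothetical allowlist: the shop's own host and its payment provider.
ALLOWED_SCRIPT_HOSTS = {"shop.example", "js.payments.example"}

# Constructed sample of a checkout page's HTML.
SAMPLE_HTML = """\
<html><head>
<script src="/static/checkout.js"></script>
<script src="https://js.payments.example/v3/sdk.js"></script>
<script src="//cdn-analytics.invalid/lib.js"></script>
<script>var inline = 1;</script>
</head><body></body></html>
"""

class ScriptCollector(HTMLParser):
    """Collects the src attribute of every <script> tag."""
    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            src = dict(attrs).get("src")
            if src:  # inline scripts have no src and are not covered here
                self.sources.append(src)

def unexpected_script_hosts(html, page_host):
    """Return the sorted script hosts that are not on the allowlist."""
    parser = ScriptCollector()
    parser.feed(html)
    found = set()
    for src in parser.sources:
        # Relative URLs have no hostname; they load from the page's host.
        host = urlparse(src, scheme="https").hostname or page_host.lower()
        if host not in ALLOWED_SCRIPT_HOSTS:
            found.add(host)
    return sorted(found)

if __name__ == "__main__":
    print(unexpected_script_hosts(SAMPLE_HTML, "shop.example"))
```

This only sees script tags present in the served HTML; inline code and scripts injected at runtime need other checks.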

The eCommerce ThreatScape is constantly evolving and new malware is being introduced daily, so we'd highly recommend monitoring your website for the latest threats targeting eCommerce. This can be done simply and quickly.
We provide a free website security scanning solution called Foregenix ThreatView. ThreatView is a specialist solution that uses all of our forensic experience to detect threats, and it is updated daily by our Threat Intelligence Group and Digital Forensic Team.
You may find that where generalist security solutions like Sucuri SiteCheck and others don't see the malware, we do. That is because we are specialists and have a unique forensic view into threats across eCommerce businesses globally.

You can access our free website security scanner here:

Create an account and start monitoring your online business straight away with the latest website threat detection capability in the industry.
[Image: ThreatView Website Scan Example]
  5. Monitor your website's security.
Once you've got the basics in place (points 1-3 above), we'd advise moving into a monitoring cycle in which you watch your website's vital signs for signs of threat or vulnerability. You can do this with ThreatView. Daily website monitoring on key data points is recommended at a minimum. Have a look at this blog article for the types of monitoring we recommend; while it is Magento focused, the principles apply to all platforms:

We hope this short article is useful - if you need assistance with your website security, please don't hesitate to contact us.
You can access our free website security scanner, Foregenix ThreatView, and start monitoring your online business straight away with the latest threat detection capability in the industry. Our team of experts is here to help you protect your business from cyber threats.


Benj Hosack is a Director and co-Founder of Foregenix Limited. Foregenix is a specialist information security business delivering services in Forensics, PCI DSS, PCI P2PE, PA-DSS and information security solutions within the Payment Card Industry. Our technologies are designed to simplify security and PCI Compliance. Specialties: Cardholder Data Discovery - defining and reducing PCI DSS Scope / PA-DSS / PCI DSS / P2PE / Account Data Compromise Investigations. We are specialists in the Payment Card Industry and work with all types of companies in the payment chain (Acquiring banks, Processors, hosting providers, web designers, merchants, systems integrators etc).
