VIEWPOINT - SECURITY

Online retailers must get to grips with their security posture fast

By James Allen-Lewis, development director, Sonassi


Over the weekend (12-13 Sep), more than 2,000 Magento 1 online stores were hacked in what has been described as the largest documented campaign since 2015.


Magento 1 officially reached its end-of-life (EOL) at the end of June, and the attack is yet another example of why online retailers must get to grips with their security posture. This is especially the case for those companies choosing to remain on Magento 1, which is no longer supported with security patches.


Unfortunately, this incident should not come as a surprise. As far back as last year, warnings had been issued about the likelihood of attacks on Magento 1 stores, and as the deadline to EOL grew closer, these warnings have gotten louder. While cyber threats do exist on Magento 2, those remaining on Magento 1 are no longer supported with security patches, and are therefore a prime target for hackers.


As we head into the winter months, and with the threat of a second wave and localised lockdowns persisting, online retailers are likely to see demand remain heavy for their services. While this is undoubtedly a welcome headache for many, it should not mean merchants hold off on securing their website, particularly when incidents like this lay bare the realities of inaction.


It’s critical that retailers deploy basic cyber security best practices. Simple things such as regular updates to your passwords and multi-factor authentication are often overlooked. Additionally, retailers should be locking down the administrator interface by IP address. This simple change makes it much harder for hackers to get near this critical part of the store.


Many attacks involve files being added or changed on a website. It is vital you monitor your logs for any suspicious file activity. Furthermore, run regular audits on admin accounts and keep admin access to a minimum. You should always know who has access to your website.


Finally, ensure you scan your website regularly for indicators of compromise. This will give you a much stronger insight into the security posture of your business.


homeofdirectcommerce.com | Direct Commerce

