Are your Magento Security Patches up to date?

A free security scan will tell you if your online store is safe.

Magento released its latest security patch on 27 February.

If you run your eCommerce business on Magento 1.x, it’s vitally important to make sure your website is up to date with the latest security patches.

This essential maintenance work keeps your online store secure from hackers and safe for customers to shop on.

Leaving customer data exposed and vulnerable to hackers and criminals is not only bad for business in terms of trust, reputation and lost transactions.

You could also be liable for hefty fines from the Information Commissioner under the Data Protection Act (DPA).

With the even more stringent General Data Protection Regulation (GDPR) coming into force in May 2018, you simply cannot afford not to check regularly that your website and customer data are secure.

Get a free security scan

A free security scan will tell us how up to date your patches are.

It will also flag other potential vulnerabilities, software updates and hosting issues. For example:

We will gladly share a free report and key recommendations with you, on a no obligation basis.

Stay up to date

Once we’ve run the initial scan, we can schedule regular checks on your website and notify you when new patches and updates are released.

Just ask to be kept up to date and we’ll email you when updates are available.

If you’re wondering about whether to move to Magento 2, read our article or call us for a chat today.

Magento will continue to support Magento 1 with security patches for the foreseeable future and has committed to giving 18 months’ notice if it decides to stop releasing updates.

Book your free security scan and talk to us about your business today.


Preparing for GDPR: What does it mean for you?

Take action on your websites and data management now.

Hang on, what is GDPR anyway?

The GDPR – General Data Protection Regulation – comes into force in the UK on 25th May 2018.

This new EU regulation replaces the Data Protection Act (DPA) 1998.

The GDPR has similarities with the DPA as well as new and additional requirements for the handling and processing of personal data. Anyone with day-to-day responsibility for data protection needs to be aware of it.

Failure to comply with the GDPR carries with it some serious fines so now is the time to start preparing for its introduction.

Everything you need to know can be found on the Information Commissioner’s website. We’ve pulled out some key points to get you thinking about what your business will need to do about its digital properties.

Have you got explicit consent from your subscribers?

Can you prove that everyone on your mailing lists – whether customers, prospects, fans or followers – has given explicit consent to be on those lists and marketed to?

Businesses must be able to prove subscribers have positively opted in to be marketed to. If they filled in a form with a pre-ticked box or simply failed to respond to a call to action (e.g. “if we don’t hear from you we’ll assume …”), that’s not good enough.

Implied consent isn’t good enough for the GDPR.

Are your subscribers humans?

If your sign-up and opt-in box or page doesn’t have a reCAPTCHA check or a confirm-your-subscription-by-email step, you might be marketing to robots or unwittingly spamming people. This is not good.
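The two points above (being able to prove a positive opt-in, and confirming the subscription by email) come together in a double opt-in flow. The following is an added illustration written for this article, not the agency’s or Magento’s code: a confirmation link carries an HMAC-signed, time-limited token, and the address is only marketable once that link has been used, with the sign-up source and both timestamps kept as evidence. The secret key, the 48-hour window, the record fields and the in-memory store are all assumptions for the example.

```python
"""Double opt-in with an auditable consent record (added example, not the
page's own code). The key, TTL and record layout are assumptions."""
import base64
import binascii
import hashlib
import hmac
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

SECRET_KEY = b"constructed-demo-key-replace-with-a-real-secret"  # assumption
TOKEN_TTL_SECONDS = 48 * 3600  # assumed confirmation window


@dataclass
class ConsentRecord:
    email: str
    source: str                          # which form or page the sign-up came from
    requested_at: int                    # unix time the form was submitted
    confirmed_at: Optional[int] = None   # set only when the emailed link is used


@dataclass
class ConsentStore:
    records: Dict[str, ConsentRecord] = field(default_factory=dict)


def _sign(payload: bytes, key: bytes = SECRET_KEY) -> str:
    return hmac.new(key, payload, hashlib.sha256).hexdigest()


def make_confirmation_token(email: str, issued_at: int) -> str:
    """Token for the confirmation link: base64url(email|issued_at) '.' hmac."""
    payload = f"{email}|{issued_at}".encode()
    return base64.urlsafe_b64encode(payload).decode() + "." + _sign(payload)


def parse_confirmation_token(token: str, now: int) -> Optional[Tuple[str, int]]:
    """Return (email, issued_at) only if the token is authentic and unexpired."""
    try:
        encoded, mac = token.split(".", 1)
        payload = base64.urlsafe_b64decode(encoded.encode())
    except (ValueError, binascii.Error):
        return None
    # Constant-time comparison so a forged MAC cannot be guessed byte by byte.
    if not hmac.compare_digest(mac, _sign(payload)):
        return None
    email, issued = payload.decode().rsplit("|", 1)
    issued_at = int(issued)
    if now - issued_at > TOKEN_TTL_SECONDS:
        return None  # link is older than the allowed window
    return email, issued_at


def request_subscription(store: ConsentStore, email: str, source: str, now: int) -> str:
    """Record a pending sign-up and return the token to embed in the email."""
    store.records[email] = ConsentRecord(email=email, source=source, requested_at=now)
    return make_confirmation_token(email, now)


def confirm_subscription(store: ConsentStore, token: str, now: int) -> bool:
    """Called when the confirmation link is clicked; True only for a valid link."""
    parsed = parse_confirmation_token(token, now)
    if parsed is None:
        return False
    email, issued_at = parsed
    record = store.records.get(email)
    # A token from an earlier, superseded sign-up no longer matches requested_at.
    if record is None or record.requested_at != issued_at:
        return False
    if record.confirmed_at is None:
        record.confirmed_at = now
    return True


def can_market_to(store: ConsentStore, email: str) -> bool:
    """Only confirmed addresses may receive marketing; pending ones may not."""
    record = store.records.get(email)
    return record is not None and record.confirmed_at is not None


def consent_evidence(store: ConsentStore, email: str) -> Optional[ConsentRecord]:
    """What you would show to demonstrate a positive opt-in for this address."""
    return store.records.get(email)


if __name__ == "__main__":
    store = ConsentStore()
    t0 = 1_700_000_000  # constructed timestamp
    token = request_subscription(store, "alice@example.com", "footer-form", t0)
    print("marketable before click:", can_market_to(store, "alice@example.com"))
    print("confirmed:", confirm_subscription(store, token, t0 + 600))
    print("evidence:", consent_evidence(store, "alice@example.com"))
```

A pre-ticked box or an unanswered email never produces a `confirmed_at`, so such addresses simply fail `can_market_to`; the record that remains (source form, request time, confirmation time) is the proof of a positive opt-in that the regulation asks for.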

What about those Cookies?

You’ll need to get a handle on exactly what data your website or app is collecting from users.

An understanding of the fair and lawful basis for acquiring that data is required by the GDPR and again, you’ll need explicit consent to do so.

Make sure you’ve got a decent message about cookies that your users can proactively opt in to.

You’re going to have to review your privacy policy.

The GDPR is about transparency and accountability. Your website privacy policy is going to need a review.

Businesses must be clear about why and how they are handling people’s personal data, how they ensure it is adequate (not excessive), accurate and kept up to date.

They must also be explicit about how long they keep personal data and what the removal, archiving or deletion process is.

The GDPR reinforces the rights enshrined in the DPA for individuals to request access to the data an organisation holds on them. Individuals also have the right to rectify inaccurate information and have it erased in certain circumstances.

Have you got procedures in place to allow for deleting personal data wherever it may be stored in your business? You’ll also need a protocol for providing personal data to users who request it.

When your privacy policy is up to date, do share it with other staff and offer training where appropriate.

Don’t forget to update it on your website or app too.

What about your digital partners with software integrations on your website?

It’s time to review which third parties have integrations on your website or app. Are they taking steps to be compliant with GDPR? Have you got proper agreements or contracts in place with them about handling personal data?

There are some helpful recommendations about Digital Vendor Risk Management available from the Media Trust.

Do you know who’s responsible for Data Protection in your business?

Could it be you? Find out. It’s not legally required to appoint a Data Protection Officer but the buck stops with someone. Make sure you know who’s responsible.

These are just some of the things you need to be thinking about now to ensure your business and website are GDPR compliant by May 2018.

For more information visit the Information Commissioner’s website. We can help you get compliant. Contact us today.