“Security” covers a wide range of activities, advice and best practice, but it’s all tied together with protecting your two biggest assets: the customers’ data, and your ability to run the business successfully.
Below is a selection of the things we do to protect your data and your business. We’ve worked with customers who are ISO 27001 certified, ensuring that we understand the high standards required.
1. Data Validation
A simple, and sometimes overlooked protection is to properly check any data coming into the system. For example, spotting that someone is attempting to deliberately enter incorrect details to try and break the system. Every modern web application has some built in protection, but when we connect our website to other systems, it opens up the possibility of data arriving that has been tampered with!
When we create an integration with your clients systems, or your ERP system, we ensure that only the right data makes it through, and errors are flagged up.
2. Monitoring
Your shiny new website is all set up, goes live and starts taking orders. Most people might just check to see that the website is online, using one of the many online services such as “Pingdom”. But does “online” mean “able to trade”?
We can monitor your website in-depth – checking that payment systems, warehouse integrations and automated processes are all working.
3. Single Sign-On
This is the process where you (or your client) has a service for validating user accounts, so that people don’t end up with lots of different passwords for different systems and services. Having that situation is a security risk, because often, having one of those passwords stolen could lead to a malicious person accessing multiple systems. It also takes care of staff changes – for example, ensuring that people who have left can no longer access the system.
4. Password Manager for all Staff
A “password manager” is a tool which safely stores all your passwords. Sometimes a Single Sign-On is not available, and you do need to save a password. At GetJohn, we have a separate secure password vault for all staff, so they only have access to the passwords needed, keeping your information safe. If you’d like to start using one, for non-technical users we recommend BitWarden or 1Password.
5. Restricted Admin Access
Most companies use ‘cloud’ services – in other words, services accessed via a web browser, which aren’t located in a company office. Typically, these services can be accessed from anywhere, so there’s no restriction in place to prevent a login from a highly privileged user if, say, their password was stolen. GetJohn can put restrictions in place to ensure only your offices can access the system, or add Two Factor Authentication to prevent issues with stolen passwords.
6. Secure, Structured Backup
We hesitated to include this, because it’s such a standard, expected feature – but not all backups are created equal. For example, if you tick the “backup” option on a typical cloud-provider’s server, you will get a full snapshot of that server either once per day or once per week. A “snapshot” is like a photograph of the server’s disk, so the only way to make use of this is to create a brand new server using that snapshot, and then log in to it and find the files you need. This can be an expensive process.
GetJohn has created a backup system that pulls data from the servers – and includes only the relevant data – for example, ignoring temporary files. It provides daily and weekly copies of files, meaning we can go back in time to an individual file if a particular issue occurred in the recent past.
7. Application Patching
Whether your website is built using WordPress, Magento, Drupal or another system, we can ensure the latest vendor-supplied security patches are in place. This vital work often goes forgotten on websites, leaving them running old, vulnerable software. We’ll keep your website safe, and it’s the reason we recommend using certain systems to build our clients’ stores.
8. Server Upgrades
We monitor all servers to check for any vendor-supplied updates. You’ll be familiar with your laptop or desktop asking you to “restart and apply updates” – we do the same thing for your website, in a carefully managed way, ensuring that we’re always as safe and up to date as possible.