Zitec Blog

The A, B, C’s to protect your eCommerce - VTEX’s best cybersecurity practices

Written by Simona Negru | Dec 9, 2022 6:21:06 AM

In a previous article on Common but disregarded trends that expose eCommerce businesses to cybersecurity incidents, we reconfirmed the growing worldwide popularity of online shopping and the eCommerce emerging trends and challenges that businesses face. eCommerce sites hold a great deal of information about their clients. That makes businesses an objective for cybercriminals. The increased level of attacks is the price many retailers have to pay if they do not have cybersecurity measures in place. 

Therefore, eCommerce cybersecurity is paramount if you want to keep hackers at bay, as well as increase customer satisfaction and safety. Protecting your website from unauthorized access, reputational damage or complete destruction of sensitive information is no easy task. Luckily, there are certain platforms like VTEX that offer security functionalities and protection against possible attacks on stores. In this article we will discuss how such platforms can protect your assets. 

VTEX - a security platform that keeps customers safe

VTEX is a global commerce and marketplace solution provider that offers e-vendors a centralized platform for creating and managing their online stores. It enables retailers to reach their customers wherever they are, through an omnichannel ecosystem, as well as to achieve a fast time-to-market, or to discover new areas for development and growth. Major brands such as Sony, Walmart, Whirlpool, Coca-Cola, Nestlé, and more than 3,200 active online stores in 38 countries trust VTEX to accelerate and transform their commerce.

VTEX believes that privacy and cybersecurity are key to success in any business. They have a dedicated team who ensures that effective security practices and measures are implemented to restrict malicious control and keep data secure. 

How to protect your website security posture, according to VTEX

A safe online environment is desirable. Yet, for this, you would need a platform that offers high levels of data integrity, confidentiality, and robust security measures. We’ve extracted and explained 7 best security practices VTEX believes in and enables.

⚠️ Employees education and awareness on data security and privacy 

Employees are a critical line of defense in protecting the company and clients’ sensitive data. A dedicated team that brings awareness on cybersecurity best practices is a must in any business. VTEX has one such team that educates the employees on the adoption of security features, how to identify frequent attack vectors, including phishing emails, or how to report them. Thus, they measure the effectiveness of security awareness programs via performance indicators. Worth mentioning is that a comprehensive program that delivers annual security training to all employees and third parties is a step forward to keeping your assets protected. 

⚠️ Regular cybersecurity audits & compliance checks

VTEX conducts internal or external compliance audits. The reason for this is to make sure they constantly have up-to-date processes and to automate their control checks. If you also consider having such audits in place, this will help you to have an active compliance dashboard.

Needless to mention, compliance with the governance obligations is a must. Therefore, you should be aware of the regional privacy and data protection regulations, including the EU General Data Protection Regulation (GDPR), Brazilian General Data Protection Law (LGPD), and California Consumer Privacy Act (CCPA). 

⚠️ Monitor your Security Logging and ecosystem for vulnerabilities

When we talk about an information security monitoring system, we refer to a series of resources used to avert third parties from accessing sensitive data. VTEX offers 24/7 monitoring of resources in their environment. Alerts are generated through pre-defined rules and correlated detection logic. So, an incident response team investigates the root cause of these alerts and immediately applies standard processes and procedures. 

To prevent unauthorized access from happening, you should also monitor all the critical services to identify any possible anomalies. In addition, all the event logs should be collected by your detection and response system.

⚠️ Enable HTTPS and secure communication over your server and network

To keep data safe, VTEX adopts robust cybersecurity measures to classify and encrypt the critical information, in transit and at rest. VTEX encrypts all confidential data and does not disclose customer information, except in situations when they provide or resolve technical/service problems upon client’s request.

Although cyber criminals can intercept the connection between the consumer and store, this technology makes it hard for them to read your data. Hence, VTEX’s advice here is to be aware of the fact that you are the only one who can read it from inside your server through the private key generated by the system. Encryption will not only safeguard data integrity, but you will also maintain confidentiality throughout its lifecycle. The HTTPS protocol encrypts data traded between the site and the user. This is essential to secure your communications over computer networks.

⚠️ Two-factor authentication and robust passwords

Since VTEX strictly monitors all their production areas, they have implemented secure configurations and a robust password policy to access the systems. Thus, they use a minimum number of characters and special characters, as well as they change passwords and perform session control periodically. A rule of thumb for VTEX is not to use previous passwords.  

VTEX’s recommendation is that you should grant permissions to your system only based on legitimate requests and qualified personnel. Hence, allow access to your segregated environments only for persons using multiple layers of two-factor authentication (2FA). In 2FA, during the login process, the system will ask for an extra key generated via an SMS or an app code. This key expires at a certain time. So, if someone has your credentials and intends to access your store account, without authorization, the task becomes almost impossible to achieve.   

⚠️ Cybersecurity measure, firewalls and threat recovery

Threat Intelligence and Incident Response 

VTEX has an incident response plan conducted at various stages, including threat recovery methodologies and post-incident activities. One important corporate objective they consider you should always keep an eye on is to be able to quickly identify potential threats and respond to them in an effective manner. Therefore, a specialized detection and response team can help you develop threat intelligence measures and analyze any related security incidents. 

Anti-fraud solutions

An anti-fraud solution usually analyzes online purchases or identifies fraudulent operations. VTEX uses its anti-fraud solution to collect this data and to compare it with suspicious patterns. Thus, any order or activity that imposes risks can be easily denied. The company believes that in eCommerce transactions or activities, you must have an overview of your buyer behavioral data to prevent suspicious exploitations from happening. 

⚠️ Risk Management and Risk Assessment

A concrete risk management measure can depict any potential security threats. VTEX uses risk mapping processes that help them understand what impact these threats can impose on their strategic capabilities. The risk management process should address the entire risk lifecycle, so that you could immediately mitigate the identified threats.  

Risk Assessment processes are important for any organization as they help you identify potential risks among your suppliers and third-party partners. For the sake of transparency, VTEX allows FAQs regarding the platform’s structure and security. These help you understand:

  • if VTEX meets the cybersecurity requirements set by the client
  • the technical details about the security architecture
  • any potential risks on the platform

Choosing the best strategic partner 

Now that you have all the information regarding the security best practices needed to protect your business, the question that remains unaddressed is choosing the appropriate strategic partner to accelerate your digital commerce transformation. The eCommerce world is a minefield - there is no doubt about this. But cybersecurity should always be at the forefront of your mind when it comes to your online store. 

When considering working with an expert in this regard, there are certain services that a particular partner should be on top of. To name the most important ones: 

  • the implementation of the collaborative commerce platform
  • deployment of the platform
  • reinvention of the B2C, B2B, D2C business models
  • creation of amazing customer experiences
  • the ability to open new revenue channels 

In addition, high-security services that meet the market demands is a key factor for businesses to thrive. Following this line, Zitec is a VTEX implementation partner. We offer all the mentioned services and more. For those clients already using the VTEX platform, we also offer our consultancy and growth expertise.

The eCommerce platform you choose for your business can have a huge impact on your cybersecurity posture. Choose carefully. We are always at your disposal if you want to talk more about cybersecurity in eCommerce.