
Safeguarding customer data


Alberon has always taken security extremely seriously. Many of our clients’ websites collect sensitive data, particularly ecommerce websites. You can’t be complacent or relax vigilance against cyber criminals.

To keep your website secure, you need layers of security in place to help defend against any online attacks. As part of this, you should consider purchasing a Secure Sockets Layer (SSL) certificate.

Secure data transfer

Hypertext Transfer Protocol Secure (HTTPS) enables users to browse your website securely. It encrypts the data as it travels between the user’s computer and your website, making it useless to hackers if they intercept it. Without HTTPS, data transferred by a website (such as passwords and personal information) can be accessed by criminals.

To create an HTTPS connection, a web server requires an SSL certificate that you will need to purchase from a certificate authority and install on the server. The certificate is normally valid for a year and needs to be renewed annually.

You can tell if a website has an SSL certificate installed by checking that the URL starts with https:// and there is a green padlock or tick. Both are signs that the data will be encrypted, so users should tread carefully when using sites that don’t have that symbol.

Using websites without an SSL certificate is very risky, both for customers who use the same password for everything and for websites that take online payments and pass credit card details unencrypted.

Every website that is hosted with Alberon will include an SSL certificate as standard.

Keep your passwords safe

Having to remember and enter passwords is annoying for everyone, but they are necessary to prevent unauthorised access to your computer, email, website and other accounts. If your password falls into the wrong hands it could affect more people than just you.

If you have access to personal data, especially sensitive data, it could be stolen and used for identity theft or blackmail. You could potentially incur penalties under the Data Protection Act if you have not taken appropriate steps to ensure security.

It is vital that you keep your passwords safe.

Choose passwords that:

  • are memorable to you only
  • are over 12 characters long (these are harder for hackers and computer programs to crack)
  • combine different words (either random or quirky phrases)
  • include one or more special characters (for instance, capital letters, an exclamation mark or numbers)
  • are unique, i.e. choose a different password for each account you own. Use a password manager to help you remember all your different passwords – it means you only have to remember one master password.

Maintain your security

Security updates might not be considered a priority, but they are crucial for keeping your website secure. Just as you’d be unwise not to fix a broken window at home, failing to keep your security updated makes you easy prey for criminals. On insecure sites, data that may contain credit card numbers or addresses can be intercepted. Criminals sell this data on, use it to make purchases and exploit it in all sorts of other criminal activities.

If your site handles this kind of information and you have not taken appropriate measures, such as installing security updates and implementing HTTPS (SSL) to encrypt data on all sites that take payment online, then you could be prosecuted under the UK Data Protection Act.

Security updates fix vulnerabilities in systems, preventing your website from being exploited by hackers, who are continually searching for weaknesses to exploit. Security updates ‘patch’ up these vulnerabilities to keep your systems secure.

Monitor your security updates by checking your Content Management System (CMS) dashboard. Most content management systems, such as WordPress, display the updates ready for download. If your CMS doesn’t, or you are unsure, contact your hosting provider.

Check whether your website is backed up as part of your hosting package. This means that you will have a recent version of your website to go back to should your website get hacked.

If your website is more than 5 years old, speak to your hosting provider to ensure that you are receiving the necessary updates and your CMS is still fully supported. It may mean migrating to a newer CMS to ensure your website remains fully secure.

If you are unable to keep on top of your web security, it is worth finding a company to manage your security for you.

Maintain secure, quality code

Code should be reviewed regularly throughout a project. Even the smallest of mistakes can become a large problem over time.

Errors could include anything from typos to unused (dead) code.

If reviewing older systems, dead code could be the result of hacks. Finding these before they can cause any harm can give you a chance to fix any problems, such as bugs or stolen information, before anything malicious occurs.

Code reviews allow specialists or developers with good experience to review particular aspects of code, such as compliance with security standards, which they know well. This is especially important if security is a key part of the project.
