The old adage “prevention is better than cure” certainly applies to data privacy. A single piece of malicious code posted on your website can cause huge damage. From an ad-hoc pop-up to a compromise of your system, or a stolen session or password. It is important to include in your data security policies the frequency and duration you look over your system for malicious code and what security measures you have in place to limit the risk.
Update all software or scripts which you use on your site regularly. Hackers aggressively target security flaws in popular web software and in the absence of timely updates, it exposes your system to attack. Additionally, you should restrict access to databases or networks to the smallest number of individuals necessary to perform their tasks.
Create a plan of action to deal with possible breaches. You should assign a staff member to oversee the process. Based on the business you run, you might need to notify customers, law enforcement and credit bureaus. This is an important process that should be planned out in advance.
Create strong password requirements and ensure you have a method to store passwords. For instance, you should require upper and lowercase characters, numerals, and special characters. You can also use salt and slow hash functions. Avoid the unnecessary storage of confidential information about users, and if you do, minimize the risk by either encrypting the data or deletion after a period of time.
