Most organisations now have a website as an integral part of their business strategy. UK statistics suggest that over eighty percent of companies now have a website presence.
However, just having a website also creates new dangers for both owners and users. Attacks on business-critical information through the website can come from anywhere, including geographical locations and legal territories far from home.
But the risk of threats coming from inside the organisation cannot be ignored either. There are plenty of cases where disgruntled employees or those facing the sack have wrought considerable havoc upon a company's website by accessing its back end and destroying software and data.
So it's not a question of ‘if’ you will be attacked, but ‘when’.
The security of your organisation's website must always remain a top priority. It can be achieved by taking some simple steps. This short introductory article will look at things you need to consider in providing adequate web security.
Web security - basic principles
Consider the following basic tips for securing your website.
- Identify what business assets need protection
Do you know how many websites you have or what social media sites you are using? What intellectual property do you have on the website? What information does your website publish?
- Determine the website's exposure to risk
Some websites may be more vulnerable than others. In this age of unified communications, what's posted on one site can reappear on another within seconds. Have you copyrighted your content and set up digital rights management?
- Develop a web security policy
Have you developed a website security policy? Does the security policy have buy-in from the boardroom? Is it made available to everyone throughout the organisation?
- Protect the assets cost-effectively and reduce exposure to risk
Do you use a back-up service to protect software and information on your website?
- Obtain fit-for-purpose security for the site’s system design, development, deployment and maintenance
Off-the-shelf security is fine for standard websites that don't have a lot of functionality. But once your website gets sophisticated, consider purchasing bespoke security from a reputable security software provider.
- Provide good access control
Who has access to your website, both back end and front end? Lock the website down, restrict access and make sure you have monitors checking web chat and discussion rooms, where appropriate.
- Use encryption to safeguard important data and require effective authorisation
Encryption is especially important if your website contains sensitive information such as personal or banking records that could be used to carry out financial fraud or other cyber crime.
- Ensure compliance with legislation
Does your website comply with all the rules and regulations in each country in which it can be accessed? Or have you tried to limit your liability by placing correct disclaimers on the site? Consider using E RADAR's Cyber Legislation Tracker.
- Set out contingency/business continuity plans in the event of disaster
What happens if you or your website hosting company has a fire, is evacuated due to a bomb threat or has a major power failure? Have you got cyber liability insurance?
- Regularly monitor, review and update security
Consider using external consultants to give you a non-biased opinion of your web security. Make sure that you regularly train your staff on the latest web security issues and keep up to date with the latest threats using free security alerts.
You can also check out our article about the threats of using WordPress-based software for your website.