
Website Security: 3 Steps to Protect Your Users’ Data from Attack

Nick Kwiecien | Jul 23, 2019
As consumers increasingly care about keeping their information safe and secure, we developers need to make security our mission. Especially in today’s world, where there seems to be a new content management system out every five minutes, it’s important to make sure your site and its content aren’t prone to attacks.
When you first think about your website’s security, consider your users and the data you would put at risk if your site weren’t secure. Applying the following security best practices can keep the data on your site safe. Plus, your site will become more dependable, and users will be at ease knowing that the data they share with you is secure.

1. Secure Web Forms

Think about the forms you have on your site and how data is entered. It’s a good practice to implement things like reCAPTCHA or honeypot fields to keep bots from submitting malicious data. It’s also a good idea to make sure the data coming through on forms is only what you need and nothing else. For example, if your form has a numeric field with a maximum allowed value, make sure that’s all that can be entered: enforce it with a regex or with server-side validation that rejects values that are too long or out of range.
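As an added illustration (not code from the original post), the following Python validator applies those rules server-side to a constructed contact form: an allowlist of expected fields, per-field length caps, a digits-only regex plus an explicit range check for the numeric field, and a honeypot field. The field names and limits are assumptions chosen for the example.

```python
import re
from typing import Any

# Constructed example: the fields a contact form is expected to submit, with
# the maximum length each may have. Anything not listed here is rejected, so
# the form only accepts "what you need and nothing else".
MAX_LEN = {"name": 80, "email": 254, "quantity": 3, "message": 2000}
QUANTITY_RE = re.compile(r"^[0-9]{1,3}$")  # 1-3 digits only (hypothetical limit)
QUANTITY_MAX = 500                          # hypothetical business maximum
EMAIL_RE = re.compile(r"^[^@\s]{1,64}@[^@\s]+\.[^@\s]+$")  # pragmatic, not RFC-complete
HONEYPOT_FIELD = "website"  # hidden input that real users never fill in


def validate_form(fields: dict[str, Any]) -> dict[str, str]:
    """Return a mapping of field name -> error message; an empty dict means
    the submission is acceptable. This runs on the server, so it still holds
    when client-side checks are disabled or bypassed."""
    errors: dict[str, str] = {}

    # Honeypot: a bot that auto-fills every input trips this and is dropped.
    if fields.get(HONEYPOT_FIELD):
        return {HONEYPOT_FIELD: "rejected"}

    # Reject unexpected fields rather than silently passing them downstream.
    unexpected = set(fields) - set(MAX_LEN) - {HONEYPOT_FIELD}
    for name in sorted(unexpected):
        errors[name] = "unexpected field"

    # Every expected value must be a non-empty string within its length cap.
    # Checking length first bounds the work the regexes below can do.
    for name, cap in MAX_LEN.items():
        value = fields.get(name)
        if not isinstance(value, str) or not value.strip():
            errors[name] = "required"
        elif len(value) > cap:
            errors[name] = f"longer than {cap} characters"

    # Numeric field: digits only (regex), then an explicit upper bound, so
    # "999" satisfies the regex but still fails the range check.
    qty = fields.get("quantity")
    if isinstance(qty, str) and "quantity" not in errors:
        if not QUANTITY_RE.fullmatch(qty):
            errors["quantity"] = "must be 1-3 digits"
        elif int(qty) > QUANTITY_MAX:
            errors["quantity"] = f"must be at most {QUANTITY_MAX}"

    email = fields.get("email")
    if isinstance(email, str) and "email" not in errors and not EMAIL_RE.fullmatch(email):
        errors["email"] = "not a valid email address"

    return errors
```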

2. Run Sitewide Security Tests

I recommend running a security test on your site to identify any vulnerabilities. There are many different tests available, ranging from free to paid. One that I recently discovered is a free service from Mozilla that scans your site, gives you a score for its security configuration, and suggests changes you can make to improve it. Below is a screenshot of what the results might look like:
[Screenshot: Mozilla website security test results]

This isn’t the only way to protect your site(s) from attack. Qualys offers in-depth scans that pinpoint vulnerabilities on your site down to specific URLs, which can help you fix issues you might be unaware of. One of Qualys’ free scans is the SSL scan. It reports the TLS configuration of the server hosting your website and flags anything that is out of date. Two protocols that are quickly becoming unsupported are TLS 1.0 and 1.1; PayPal is one of many companies that now require TLS 1.2. The SSL scan will tell you whether your server supports this protocol. Below is a sample of what this test looks like:
[Screenshot: Qualys website SSL scan results]

3. Ensure Data Act Compliance

It’s important to make sure your site and the data you house are secure, because many different compliance acts are now in effect. One of the most important acts concerning Protected Health Information (PHI) is HIPAA (Health Insurance Portability and Accountability Act). This act requires that any PHI be safeguarded and that consumers be notified if a breach occurs. If you don’t already have a data breach plan, put one in place so you know how to respond if the worst were to happen.
Another compliance act is GDPR (General Data Protection Regulation), which is now in force in the European Union. GDPR was created to keep the personal data of EU citizens safe. As with HIPAA, fines can be handed out if there is a breach. One GDPR requirement is that users can have their data removed from your system. With the way data is currently stored in sites, that can be tricky to manage.

Web Security Requires Constant Vigilance

Vulnerabilities in your site(s) can be costly. Therefore, it is vital to make sure your site is secure, for your own safety and for the safety of your users. Since things are constantly changing, I recommend reading the latest in web security and running regular security tests to stay on top of security flaws. It’s important to know whether your site is at risk and what changes you can make to keep user data safe and yourself protected.