Website Security: 3 Steps to Protect Your Users’ Data from Attack

Nick Kwiecien | Jul 23, 2019
 
As consumers increasingly care about keeping their information safe and secure, we developers need to make security our mission. Especially in today’s world where there seems to be a new content management system out every five minutes, it’s important to make sure your site and its content aren’t prone to attacks.
 
When you first think about your website’s security, you must consider your users and the data you might put at risk if your site isn’t secure. Applying the following security best practices can keep the data on your site safe. Plus, your site will become more dependable and users will be at ease that the data they are sharing with you is secure. 
 

1. Secure Web Forms

Think about the forms you have on your site and how data is entered. It’s good practice to implement things like reCAPTCHA or honeypot fields to keep bots from submitting malicious data. It’s also a good idea to make sure the data that comes through on forms is only what you need and nothing else. For example, if your form has a numeric field with a maximum allowed value, make sure nothing beyond that can be submitted: check it against a regex and add server-side validation that rejects values that are too long or out of range, regardless of what the browser enforces.
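The checks above, written as a server-side validator (an added example, not code from the original post): a constructed contact-form schema with a length cap, a regex and a numeric range per field, a honeypot field that real users never see, and a whitelist so that any field not in the schema is dropped. The field names and limits are assumptions for illustration.

```python
import re

# Constructed example schema for a contact form: each field carries the
# exact constraints the server enforces, regardless of client-side checks.
FORM_SCHEMA = {
    "name":     {"type": "str", "max_len": 80,  "pattern": r"^[\w .'-]+$"},
    "email":    {"type": "str", "max_len": 254, "pattern": r"^[^@\s]+@[^@\s]+\.[^@\s]+$"},
    "quantity": {"type": "int", "min": 1, "max": 99},
}
# Hidden field that real users never fill in; bots that auto-fill every
# input give themselves away by populating it.
HONEYPOT_FIELD = "website"
MAX_RAW_LEN = 4096  # reject oversized values before doing any further work


def validate_form(submitted):
    """Return (clean_values, errors). Only schema fields survive; anything else is dropped."""
    errors = []
    if submitted.get(HONEYPOT_FIELD):
        return {}, ["rejected: honeypot field was filled in"]
    clean = {}
    for field, rule in FORM_SCHEMA.items():
        raw = submitted.get(field)
        if raw is None:
            errors.append(f"{field}: missing")
            continue
        raw = str(raw)
        if len(raw) > MAX_RAW_LEN:
            errors.append(f"{field}: too long")
            continue
        if rule["type"] == "int":
            # Accept only plain digits, then enforce the numeric range.
            if not re.fullmatch(r"\d{1,6}", raw):
                errors.append(f"{field}: must be a whole number")
                continue
            value = int(raw)
            if not rule["min"] <= value <= rule["max"]:
                errors.append(f"{field}: must be between {rule['min']} and {rule['max']}")
                continue
            clean[field] = value
        else:
            value = raw.strip()
            if len(value) > rule["max_len"]:
                errors.append(f"{field}: longer than {rule['max_len']} characters")
                continue
            if not re.fullmatch(rule["pattern"], value):
                errors.append(f"{field}: invalid format")
                continue
            clean[field] = value
    return clean, errors
```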
 

2. Run Sitewide Security Tests

I recommend running a security test on your site to identify any vulnerabilities. There are many different tests available, ranging from free to paid. One that I recently discovered is a free service from Mozilla that scans your site and gives you a score based on your security rating. It also gives you suggestions for changes you can make to your site to improve its security. Below is a screenshot of what the results might look like:
 
[Screenshot: Mozilla website security test results]

This isn’t the only way to protect your site(s) from attack. Qualys offers in-depth scans that pinpoint vulnerabilities on your site down to specific URLs. This can help you fix issues with your sites that you might be unaware of. One of Qualys’ free scans is the SSL scan. It reports the configuration of the server that hosts your website and determines whether anything is out of date. Two protocols that are quickly falling out of support are TLS 1.0 and 1.1. PayPal is one of many companies that now require TLS 1.2. The SSL scan will tell you whether your server can run this protocol. Below is a sample of what this test will look like:
 
[Screenshot: Qualys SSL scan results]
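To act on the scan result rather than just read it, here is an added example (not from the original post) using Python’s standard `ssl` module: a server context that sets TLS 1.2 as an explicit floor, beside a constructed legacy context that still accepts TLS 1.0, and a small audit function that flags the same weakness an SSL scan would. The certificate and key paths are assumed and optional so the logic runs without a deployed certificate.

```python
import ssl

# Floor the post recommends: PayPal and other processors now require TLS 1.2.
REQUIRED_MINIMUM = ssl.TLSVersion.TLSv1_2


def make_server_context(certfile=None, keyfile=None):
    """Build a server-side context that refuses TLS 1.0 and 1.1 outright.

    certfile/keyfile are assumed paths to your own certificate and private key;
    they are optional here so the hardening logic can run without a deployed cert.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    # Explicit floor: do not rely on the library default, which varies by version.
    ctx.minimum_version = REQUIRED_MINIMUM
    # Keep TLS compression off and let the server choose the cipher order.
    ctx.options |= ssl.OP_NO_COMPRESSION
    ctx.options |= ssl.OP_CIPHER_SERVER_PREFERENCE
    if certfile:
        ctx.load_cert_chain(certfile, keyfile)
    return ctx


def make_legacy_context():
    """Constructed 'before' configuration that still accepts TLS 1.0 clients."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1
    return ctx


def audit_context(ctx):
    """Report the kind of findings an SSL scan would raise for this configuration."""
    findings = []
    if ctx.minimum_version < REQUIRED_MINIMUM:
        findings.append(
            f"minimum TLS version is {ctx.minimum_version.name}; TLS 1.2 or higher is required"
        )
    if not ctx.options & ssl.OP_NO_COMPRESSION:
        findings.append("TLS compression is enabled")
    return findings
```

Running the audit against your real server configuration before and after a change gives you a local check that matches what the external scan will report.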
 

3. Ensure Data Act Compliance

It’s important to make sure your site and the data you house are secure because there are now many different compliance acts in effect. One of the most important acts concerning Protected Health Information (PHI) is HIPAA (Health Insurance Portability and Accountability Act). This act requires that any PHI be safeguarded and, if a breach were to occur, that consumers be notified. If you don’t already have a data breach plan, it’s important to put one in place so you know how to respond if the worst were to happen.
 
Another compliance act is GDPR (General Data Protection Regulation), which is now the standard in the European Union. GDPR was made to keep the personal data of EU citizens safe. As with HIPAA, if there is a breach, fines can be handed out. One thing GDPR requires is that users be able to have their data removed from your system. With the way data is currently stored in sites, that can be tricky to manage.
 

Web Security Requires Constant Vigilance

Vulnerabilities in your site(s) can be costly. Therefore, it is vital to make sure your site is secure for your safety and the safety of the users of your site. Since things are constantly changing, I recommend reading the latest in web security and running regular security tests to keep on top of security flaws. It’s important to know if your site is at risk and how you can make changes to keep user data safe and yourself protected.
 