The old adage “prevention is better than cure” certainly applies to data privacy. A small piece of malicious code uploaded to your website can cause massive damage, ranging from an unwanted pop-up window to stolen passwords or sessions and complete system compromise. Your data security policies should specify how often and for how long your system scans for this type of malicious code, and what protections are in place to minimize the risk.
Make sure that any scripts or software used on your websites are updated regularly. Hackers are constantly looking for security flaws in popular web software, and without timely updates your system is left open to attack. Additionally, you must restrict access to networks and databases to the smallest number of users who need it to do their duties.
Create a response plan to address potential breaches, and assign a staff member to manage this process. Based on the nature of your business, you might need to notify consumers, law enforcement agencies, customers, and credit bureaus. This is a serious issue that must be planned for in advance.
Create strong password requirements and make sure you have a secure method for storing passwords. For example, require upper and lowercase characters, numerals and special characters. You can also salt passwords and hash them with a deliberately slow hash function. Avoid storing unnecessary information about users, and if you do store it, limit the risk by either encrypting the data or deleting it after a period of time.
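The password advice above can be sketched as follows. This is an added example, not code from the original article. The minimum length, the choice of PBKDF2-HMAC-SHA256 as the slow hash, the iteration count and the stored record format are all assumptions.

```python
import hashlib
import hmac
import secrets
import string

MIN_LENGTH = 12          # assumed minimum; the article does not state a length
ITERATIONS = 600_000     # assumed PBKDF2 work factor; tune to your hardware
SALT_BYTES = 16


def policy_violations(password: str) -> list[str]:
    """Return the requirements the password fails (character classes plus length)."""
    checks = {
        "uppercase letter": any(c.isupper() for c in password),
        "lowercase letter": any(c.islower() for c in password),
        "numeral": any(c.isdigit() for c in password),
        "special character": any(c in string.punctuation for c in password),
        f"at least {MIN_LENGTH} characters": len(password) >= MIN_LENGTH,
    }
    return [rule for rule, ok in checks.items() if not ok]


def hash_password(password: str) -> str:
    """Hash with a fresh random salt; the stored record carries its own parameters."""
    salt = secrets.token_bytes(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute with the stored salt and iteration count; compare in constant time."""
    try:
        scheme, iterations, salt_hex, digest_hex = record.split("$")
        if scheme != "pbkdf2_sha256":
            return False
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(digest_hex)
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, int(iterations))
    except ValueError:
        return False  # malformed or truncated record
    return hmac.compare_digest(candidate, expected)


if __name__ == "__main__":
    sample = "Correct-Horse-42-Battery"  # constructed sample password
    print(policy_violations("password"))
    record = hash_password(sample)
    print(record.split("$")[:2], verify_password(sample, record))
```

Because the salt is random per password, two users with the same password get different records, and storing the iteration count in the record lets you raise the work factor later without invalidating existing hashes.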