Website security: our tips for staying safe

Tuesday October 16, 2012 at 9:00am
Business owners increasingly rely on their websites, not just as a shop window or electronic brochure but as a method of accepting orders, taking payment and building the overall presence and reputation of their business. Having your website compromised could therefore be a serious problem, threatening cash flow and credibility. This guide is designed to provide quick wins for building security into websites and giving potential clients confidence, and is essential reading for all website owners.

Building in website security

Security hardening

Make sure all web server applications are updated on a regular basis; new security flaws appear all the time, in Flash and Java for example. Outdated software should be removed or deleted from the server hosting your website.

Daily website scans

At server level, employ vulnerability scanning software. This can quickly highlight the latest vulnerabilities and provide a detailed report on the potential attacks your website could suffer.

Shopping carts

If you accept major credit cards (Visa, MasterCard, Discover, American Express), you are now required by the Payment Card Industry Security Standards Council to become compliant with the Payment Card Industry Data Security Standards (PCI DSS). Meeting this compliance will provide peace of mind to potential customers that your organisation takes their information security seriously.

SSL

Install an SSL certificate issued by a trusted CA (Certificate Authority). By using a connection with such security features, the user can be more confident that their account is safe from hackers.

Penetration testing

Yearly penetration testing is good security practice. Prevention is better than cure.

Logs

For all servers, organisations should ensure logs are written to dedicated logging servers or write-only devices, reducing the risk of an attacker manipulating logs stored locally on compromised machines.
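To show why the separate copy matters, the following added example (not part of the original post) compares the log held on a dedicated logging server with the copy left on the web server and reports any entries that were removed or changed locally. The function name, host name and log lines are constructed for illustration.

```python
import difflib

# Constructed sample: what the dedicated logging server received.
CENTRAL = [
    "Oct 16 09:00:01 web01 sshd[811]: Accepted password for deploy from 192.0.2.10",
    "Oct 16 09:02:13 web01 sshd[902]: Failed password for root from 203.0.113.7",
    "Oct 16 09:02:19 web01 sshd[902]: Accepted password for root from 203.0.113.7",
    "Oct 16 09:03:40 web01 sudo: root : COMMAND=/usr/bin/vi /etc/passwd",
    "Oct 16 09:10:00 web01 cron[120]: (root) CMD (backup.sh)",
]

# Constructed sample: the copy found on the web server after an incident.
# One entry has a different source address and one entry is gone.
LOCAL = [
    "Oct 16 09:00:01 web01 sshd[811]: Accepted password for deploy from 192.0.2.10",
    "Oct 16 09:02:13 web01 sshd[902]: Failed password for root from 203.0.113.7",
    "Oct 16 09:02:19 web01 sshd[902]: Accepted password for root from 192.0.2.10",
    "Oct 16 09:10:00 web01 cron[120]: (root) CMD (backup.sh)",
]


def compare_logs(central, local):
    """Diff the central copy against the local copy, preserving line order.

    Returns a dict with:
      missing_locally - lines the log server holds that the local file lacks
      only_local      - lines in the local file the log server never received
    A changed line shows up in both lists (old form and new form).
    """
    missing, extra = [], []
    matcher = difflib.SequenceMatcher(None, central, local, autojunk=False)
    for tag, i1, i2, j1, j2 in matcher.get_opcodes():
        if tag in ("delete", "replace"):
            missing.extend(central[i1:i2])
        if tag in ("insert", "replace"):
            extra.extend(local[j1:j2])
    return {"missing_locally": missing, "only_local": extra}


if __name__ == "__main__":
    result = compare_logs(CENTRAL, LOCAL)
    for line in result["missing_locally"]:
        print("missing or changed on web server:", line)
    for line in result["only_local"]:
        print("not seen by log server:        ", line)
```

Any non-empty result means the local file no longer matches what the server originally reported, which is only detectable because the central copy was out of the attacker's reach.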

If your business has a website you should be concerned about security. Whilst most business owners may not fully understand the technical implications of the quick tips provided above, hopefully they provide a useful check-list to discuss with your in-house website team or the company hosting your website.

Marcus Allen
Parker Management Consultants
