The old saying “prevention is better than cure” certainly applies to data privacy. A single piece of malicious code that is uploaded to your website could cause a huge amount of damage. From pop-ups to a complete security breach, or the theft of a password or session. It is important to include in your data security guidelines the frequency and duration you scan your system for malicious code and what security measures are in place to minimize the risk.
Update all software or scripts which you use on your website regularly. Hackers are able to exploit security holes in popular web software and in the absence of timely updates, it exposes your system to attack. It is also recommended to restrict access to networks or databases to a minimum number of people required to perform their job.
Develop a response strategy to address potential breaches and assign a staff member to manage the process. Based on the nature of your business you may need to inform customers, law enforcement and credit bureaus. This is an important step that should be planned well in advance.
Implement strong password requirements on consumer accounts. Make sure you have a good method for storing passwords, such as requiring the use of upper and lowercase letters, numerals and special characters as well as using salt and slow hash functions. Avoid storing sensitive user data, and if you do, lower the risk by either encrypting the data or eliminating it after a certain amount of time.