You may not think there is anything of importance on your website, but remember that your visitors are interacting with it and may be disclosing personal information, which you need to keep secure. Here are our top 5 tips:

  1. SSL Certificates: an SSL Certificate is required for websites where personal data is passed from the user to the website, i.e. name, email, telephone number, username, password, credit card numbers and other sensitive information. An SSL Certificate encrypts this data as it travels between the visitor's browser and your website, so that other computers that may intend to steal it cannot read it. To check if your website has an SSL Certificate, simply look at the URL of the website: if it begins with “https” instead of “http” and you can see the padlock symbol, the connection to the site is secure.
  2. CAPTCHA: a CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) is a type of ‘challenge & response test’ used in computing to determine whether the user is human. Most commonly the user is asked to decipher some scrambled letters or highlight squares within a picture. CAPTCHAs are used to prevent spammers and hackers from getting into your website and stealing or abusing the data stored there.
  3. Communication Preferences Check Box: if your website collects email addresses for the purposes of marketing, in accordance with the latest GDPR requirements, you must have an ‘opt-in’ method, as opposed to an ‘opt-out’ method. Make sure that the email addresses are stored securely and that individuals can unsubscribe from your service at any time.
  4. Privacy Policy: for websites where visitors input their personal data, i.e. name, email, telephone and other sensitive information, you must display a Privacy Policy on your website that informs users of the following:
    1. Why you collect their data
    2. How you will use their personal data
    3. Who you will disclose their data to
    4. How you will keep their data safe
    5. How long you will retain their data
    6. What their rights are over the data
    7. How to make a complaint
  5. Cookie Policy: cookies are used to track visitors to your website, and if you use cookies that identify an individual and their device, this is considered to be storing ‘personal data’. Depending on which cookies are on your website, you must invite visitors to ‘accept’ or ‘reject’ cookies, and you must also display your Cookie Policy on your website.

To request a website penetration test to verify the current security of your website, please visit our Information Security page or contact us today.