Data privacy is a case where the old adage « prevention is better than cure », certainly applies. A small piece of harmful code uploaded to your site can cause enormous damage, ranging from the opening of a pop-up window to a stolen session or password and complete system compromise. It is important to include in your data security guidelines how often and by whom you check your system for malicious code and what protections exist to limit the risk.
Update all software or scripts that you use on your website regularly. Hackers aggressively target security flaws in popular web software applications and a lack of timely updates exposes your system to attack. Additionally, you must restrict access to networks or databases to the least number of people required to perform their duties.
Create a plan of action to deal with potential breaches, and designate an employee to oversee the process. Depending on your company, you might need to inform customers, law enforcement agencies, and credit bureaus. This is a significant process that should be planned in advance.
Implement strong password requirements and ensure you have a way to save passwords. For example, you may need to use upper and lowercase characters, numerals and special characters. You can also use salt and slow hash functions. Avoid the unnecessary storage of confidential information about users, and if you do, lower the risk by encryption the data or eliminating it after a certain amount of time.