Now that the General Data Protection Regulation (GDPR) has been put into place by the EU, how secure is your site?
First, we have to look at several important factors that affect visitors to your website. These all depend on whether your website takes any data from the user.
The first factor is cookies. When a user visits a website, it will create a cookie, which is a short-term memory item for the website. This enhances the user's experience. This information might be about you, your preferences or your device. It does not usually directly identify you, but it can give you a more personalised web experience. A good example is the BBC website: if you visit it, you will notice a message about cookies at the top, which means that by accepting you are allowing them to take this information. So you will need to have some sort of cookie popup that allows this.
The second factor is: does my website have any forms? If the answer is yes, then you need to ensure your website is secure.
Once the form is submitted, what happens to it and where is it stored? The data needs to be stored securely, and you should only store information you actually require. This also includes any backups of the database you have.
The third factor is keeping your site up to date. A website is like a car going for its yearly MOT: if this isn't done, then it is likely to break down. By keeping the website up to date, you are ensuring that security fixes stop hackers from getting your users' data. If you don't regularly keep the site updated, the unpatched flaws can be exploited, and a hacker can use something like a SQL injection, which runs attacker-supplied code against your site's database remotely, to access this data.
The fourth factor is secure hosting. Many people think the £1.99 a month hosting is fine. But it's not. If your site stores personal data, you need to ensure it has an SSL certificate, so that https shows in the address with a padlock. This is also very important for SEO, as Google is now starting to ignore websites without this.
If a security breach occurs, that data can be exposed and the personal information in it identified, which can have huge financial consequences.
This article was written by Digidrop and appeared in the July edition of Surrey Lawyer.