The old saying “prevention is better than cure” certainly applies to data privacy. A small bit of malicious code uploaded to your site can cause enormous damage, from opening a pop-up, to a stolen session or password, to complete system compromise. As part of your data security policies, you should define how often and when your system scans for this kind of malicious code and what protections are in place to mitigate the risk.
Make sure that any software platforms or scripts that you use on your sites are updated regularly. Hackers target security holes in popular web software, and a lack of timely updates leaves your system vulnerable. You should also restrict access to databases or networks to the minimum number of people who need it to perform their tasks.
Develop a response plan to deal with potential breaches, and assign one of your employees to oversee this process. Depending on your company, you may have to notify customers, law enforcement, and credit bureaus. This is an important procedure that should be planned well in advance.
Set up strong password requirements for consumer accounts, such as requiring the use of upper and lowercase letters, numerals, and special characters. Also, make sure you have a reliable method of storing passwords, such as using salts and hash functions that are slow. Avoid storing unnecessary user data, and when you do store it, lower the risk level by encrypting the data or deleting it after a period of time.