Diligent About Security
by Adam Harding | 8th November 2017 Website Maintenance
Ensuring your website and data are secure is vitally important to your business. If your website is compromised by a malicious party, or you lose data due to poor management practices, not only can this result in a loss of trust from your customers, but with the new General Data Protection Regulations (GDPR) coming into force next year it could also result in quite a hefty fine. So it is more important than ever to be certain that your own security, and that of your website, is properly taken care of.
Digital Security Policy
Security is not a plugin; it is not something that can just be bolted on after a website has been built. There are too many aspects to it: keeping data secure needs to encompass everything from the physical location of the server to the quality of the code and the strength of the passwords. Even then it can be undone by an employee with poor password management.
This is why we have written our own security policy document. Version 1 is now available to all of our clients and, barring minor tweaks, will be the basis for our ongoing security processes until the next review in 12 months' time. It explains how we handle and store your data and websites, and the steps we take to ensure they are protected. Below is a very brief overview of some of the key points.
We host a number of websites for clients, several containing customer data, contact details and so forth, which would fall within the remit of the data protection requirements (and the new GDPR requirements). We are therefore required to take all reasonable steps to keep this data stored safely. Our hosting solution is through a company called Memset, who are fully ISO-27001 certified, meaning they meet all requirements for physical and digital data security.
We obviously use a great many passwords on a daily basis. Our protocol here is very simple: all passwords are automatically generated with at least 8 characters, including numbers and special characters. These are then encrypted in our own password manager and never stored anywhere else. No browser password managers, no notes written on desks, nothing. Whenever an employee leaves Diligence, all passwords are changed.
Client Website Security
For those clients on a Diligence retainer package, security updates are now included as standard. We will regularly patch open source websites such as WordPress or Magento, and offer security updates for websites built on our own CMS as we develop them.
If you would like to know more about our own security policy and processes, or would like to read our security policy document, please email email@example.com.