Website Security – How robust are your processes?

Website security can feel like a scary subject whatever the size of your organisation. However, if you are a small business and are not technically minded it can feel like something you just want to brush under the carpet…but it’s crucial that you don’t.

So, how robust are your website security processes? Do you have processes? If not, where do you start?

Hopefully, this article will help. We’ve set out 5 key areas for you to get started on – taking time to evaluate your current processes or to get one established where there isn’t one.

1. Define your user access

The first area is to understand who has access to your website and any data you hold. Do they need to have access? Do they only have access to the areas they need, or more? Defining the different levels of user access is really important – you should only give people access to what they need to do their job effectively and nothing more. This should be reviewed regularly. If this is something you don’t yet do, start with an audit of who accesses what, determine if this is correct and then plan a timetable for review to determine whether they still have the correct access levels. Your tech partner can help you to define a user access strategy if this feels overwhelming to do yourselves.

2. Keep everything up to date

Security updates mustn’t be ignored. Do you have a plan for when software needs updating? Are you on top of it? Who does this for you? What about your servers? These can often be forgotten, as can software which is used remotely by employees working from home. It’s crucial that all the pieces of your technology portfolio are kept up to date and maintained. If you don’t use a tech expert or agency to do this for you, you may want to consider doing so. The longer the gap between an update being required and it being applied, the greater the risk of a security breach. An audit of all your technology and an organised plan of timely updates is a vital step in keeping your website safe.

3. Establish a plan for backups

Is your backup plan robust? Along with updates, you need a process in place for backing up information, as well as a copy of the latest version of your website should you need to restore it. You must ensure that all the information needed to run your organisation is included in your backup plan, to mitigate the disruption that could be caused by a cyber-attack.

4. Keep on top of your data

If you collect data through your website, you must have a process to ensure that you are regularly reviewing whether you have a valid and transparent reason to be collecting that data, that you have the correct permissions and that you are storing the data securely. Data collection via your website is usually an automated process, and the need for it can quickly become out of date or its existence forgotten. GDPR sets out the legal requirements around the collection and use of personal data.

5. Accounts and passwords

Every user should have their own account – do not allow sharing of accounts. Do you use a secure single sign-on system? If not, make sure that users set a strong password that is unique to the website and not shared with another system. Change passwords regularly to keep them extra secure. Store passwords in encrypted form; this ensures that even if there is a security breach, attackers do not get their hands on actual user passwords. If you use electronic storage for your passwords, remember that this file itself will need to be encrypted and password-protected.

We hope this top 5 helps you to prioritise your website security processes. However, it is not a complete list. If you are looking for further information, we’ve written lots of articles around different areas of website security which you can access here on our website, where you’ll also be able to access our Information Security Hub.

If all this feels daunting and you’d like to speak to an expert, get in touch with us. 

Who are we?

We are Olamalu, Drupal experts, experienced web developers and proud to say that we’re ISO/IEC 27001 certified (the world's best-known standard for information security management systems).

We’re a friendly and down-to-earth team based in West Oxfordshire, who work together to achieve brilliant outcomes. We’ve been developing websites and designing tailor-made tech solutions for a huge range of different challenges for over 10 years.

We work with many of our clients as an ongoing technical partner, but we also offer a consultancy service to solve a specific strategic challenge.

November 2023