
How secure is my website?

Now that the General Data Protection Regulation (GDPR) has been put into place by the EU, how secure is your site?

First, we have to look at several factors that matter for visitors to your website. They all depend on whether your website takes any data from the user.

The first factor is cookies. When a user visits a website, the site will create a cookie, which is a short-term memory item for the website. This enhances the user's experience. The information might be about you, your preferences or your device. It does not usually identify you directly, but it can give you a more personalised web experience. A good example: if you visit the BBC website, you will notice a message at the top about cookies; by accepting it you are allowing them to take this information. So you will need to have some sort of cookie popup that allows this.

The second factor is: does my website have any forms? If the answer is yes, then you need to ensure your website is secure.

By having a form on your website you are taking personal data, and this is likely to be stored in a database if your website uses a popular content management system like Drupal, WordPress or Umbraco (to name but a few). Of course, your site may be none of these but still have a database. When any personal data is stored on a website, you must tell the user what you are going to do with the data they supply. This is best done with a link that goes to your Privacy Policy page. If you want them to sign up to your newsletter, then you need to give them this choice too.

Once the form is submitted, what happens to it and where is it stored? The data needs to be stored securely, and you should only store information you actually require. This also applies to any backups of the database you have.

The third factor is keeping your site up to date. A website is like a car going for its yearly MOT: if this isn't done, it is likely to break down. By keeping the website up to date, you ensure these fixes stop hackers from getting your users' data. If you don't regularly update the site, it can be exploited, and a hacker can use something like a SQL injection, which runs some code on your site remotely, to access this data.
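The form advice above (store only what you require, make the newsletter a choice, keep submitted values from being run as SQL) as an added example; it is not code from the original article or from Drupal. It is a Python handler using the standard `sqlite3` module, and the table names, field names and the `newsletter_opt_in` checkbox are assumptions.

```python
import sqlite3

# Hypothetical contact form: the only fields this site actually requires.
REQUIRED_FIELDS = ("name", "email", "message")

def open_db():
    """In-memory database standing in for the site's real one (assumption)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE enquiries (name TEXT, email TEXT, message TEXT)")
    db.execute("CREATE TABLE newsletter (email TEXT UNIQUE)")
    return db

def store_submission(db, form):
    """Store one submitted form and return the values actually written."""
    missing = [f for f in REQUIRED_FIELDS if not str(form.get(f, "")).strip()]
    if missing:
        raise ValueError("missing required fields: " + ", ".join(missing))
    # Data minimisation: any submitted field not in REQUIRED_FIELDS is dropped.
    kept = {f: str(form[f]).strip() for f in REQUIRED_FIELDS}
    # The ? placeholders pass values as data, so they are never parsed as SQL.
    db.execute(
        "INSERT INTO enquiries (name, email, message) VALUES (?, ?, ?)",
        (kept["name"], kept["email"], kept["message"]),
    )
    # Newsletter sign-up happens only if the visitor ticked the box themselves.
    if form.get("newsletter_opt_in") == "yes":
        db.execute("INSERT OR IGNORE INTO newsletter (email) VALUES (?)",
                   (kept["email"],))
    db.commit()
    return kept

if __name__ == "__main__":
    db = open_db()
    # Constructed sample submission: extra fields and a name containing SQL text.
    sample = {
        "name": "Pat O'Brien'; --",
        "email": "pat@example.com",
        "message": "Please call me back.",
        "date_of_birth": "1990-01-01",   # not required, so never stored
    }
    print(store_submission(db, sample))
    print(db.execute("SELECT name FROM enquiries").fetchall())
    print(db.execute("SELECT COUNT(*) FROM newsletter").fetchone()[0])
```
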

The fourth factor is secure hosting. Many people think the £1.99 a month hosting is fine, but it's not. If your site stores personal data, you need to ensure it has an SSL certificate, i.e. https shows in the address with a padlock. This is also very important for SEO, as Google is now starting to ignore websites without this.

If a security breach occurs, that data can be exposed, and because it identifies personal information, this can have huge financial consequences.

This article was written by Digidrop and appeared in the July 2018 edition of Surrey Lawyer.
