In larger companies, there are usually specialized personnel who deal with personal data protection, but not every company can afford that. Because there is a rising need for knowledge on how to protect the personal information of website users efficiently, we decided to prepare a short guide in which we point out the most important and most effective methods that website administrators can introduce from the get-go.
This is absolutely essential when it comes to the security of website user data, their correspondence, and the forms they fill in. Nowadays, using the SSL protocol is considered standard, especially given that the majority of Internet users are aware that a website that does not have an SSL certificate and requires them to give their personal information is of rather questionable security, and that it may be dangerous to provide it with any personal information. In our offer, we present a variety of SSL certificates that differ in the standard of security they provide and the purposes they can be used for. Thanks to them, you will be able to encrypt your connections and therefore protect the personal information of your clients from being intercepted by unauthorised parties.
2. Internal safety rules.
However, using SSL certification is not enough. If you do not run the page on your own and you have journalists, editors, and other individuals who can access the administrative panel of your website, you have to establish some sort of safety rules and grant proper permissions to all of them. Access to users’ personal data, full or partial, should only be granted to those who actually need it for their business. Try to remember that the fewer people have access to this data, the easier it is to control.
Be careful with addons, plugins, and widgets. If you are using free platforms, such as WordPress, they should be quite familiar to you. On no account should you install plugins from unauthorized sources; always make sure you can trace the origin of a plugin you want to use, and make sure it is up to date. By installing addons from an unknown source, you may actually grant access to personal information to an individual you will likely never be able to identify.
3. Some good practice concerning passwords.
When using FTP software, you have to remember that it is not only files that you exchange. The details of your FTP account are vital and definitely have to be secured. Never save FTP passwords in the programs that you are using. To minimize the risk of your FTP account being accessed by unintended parties, limit your FTP account access to a small number of IP addresses that you choose yourself. In this way, you will make sure that even those who have somehow managed to get your FTP account details will not be able to use them from IP addresses that are not included on your list. You can limit access to the administrative panel of your website in the same way.
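The allowlist idea above can also be used to review login records after the fact. The following Python sketch is an added example, not part of the original guide: the addresses are documentation ranges, and the login records and the names `is_allowed` and `review_logins` are constructed for illustration.

```python
import ipaddress

# Constructed allowlist using documentation ranges (RFC 5737 / RFC 3849).
ALLOWED_NETWORKS = [
    ipaddress.ip_network("203.0.113.10/32"),   # single office workstation
    ipaddress.ip_network("198.51.100.0/28"),   # small office range (.0 to .15)
    ipaddress.ip_network("2001:db8:10::/64"),  # office IPv6 prefix
]


def is_allowed(client_ip, networks=ALLOWED_NETWORKS):
    """Return True only if client_ip parses and lies inside an allowed network."""
    try:
        addr = ipaddress.ip_address(client_ip.strip())
    except ValueError:
        return False  # fail closed on anything that is not a valid address
    # Dual-stack servers may report IPv4 clients as ::ffff:a.b.c.d
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return any(addr in net for net in networks if net.version == addr.version)


# Constructed sample records: (account, source IP, login succeeded)
SAMPLE_LOGINS = [
    ("webadmin", "203.0.113.10", True),
    ("webadmin", "::ffff:198.51.100.7", True),
    ("webadmin", "192.0.2.55", True),     # correct password, unknown address
    ("editor", "198.51.100.16", False),   # one address past the /28
    ("editor", "not-an-ip", False),
]


def review_logins(logins, networks=ALLOWED_NETWORKS):
    """Return every record whose source address is outside the allowlist."""
    findings = []
    for account, ip, success in logins:
        if not is_allowed(ip, networks):
            kind = ("successful-login-outside-allowlist" if success
                    else "failed-attempt-outside-allowlist")
            findings.append((account, ip, kind))
    return findings


if __name__ == "__main__":
    for finding in review_logins(SAMPLE_LOGINS):
        print(finding)
```

A successful login from outside the list means either the restriction is not actually enforced on the server or the list is out of date, and the account password should be changed.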
When creating passwords for your FTP accounts or other accounts connected to your website, remember not to create „wordlike” passwords. Passwords like „house73” are a particularly bad idea. The best solution is to use random strings of letters, numbers, and other symbols, but if you really need a „wordlike” password, try to add some numbers, symbols, or capital letters to it. Remember that it is also advisable to change your password at least once every three months.
You have to remember, then, that although SSL certification is the most important security measure for keeping personal information safe, it will not be able to protect the website from human mistakes. Accidental password disclosure and the installation of suspicious plugins are two situations from which only you, as a website administrator, together with other authorised people, can protect your business. The SSL protocol is not enough. Proper staff habits are necessary, too.