Many factors go into planning a business website – all of them relevant. To make an effective website, you’ll need to consider details such as design, content, and metrics. These aren’t the only considerations, however. In addition to these things, you will also need to think about security.
Website security helps keep your business and customers safe. While it isn’t always thought about before building a website, including it in your site planning could save you time and trouble later. Below are three steps for planning a secure site.
Understand Your Risks
Before you can plan for an attack on your website, you need to first understand your potential threats. Threats can typically be separated into two categories: internal and external.
Internal threats usually come from inside your organization. They affect intranet-based websites and can come from obvious sources such as disgruntled workers or less obvious sources such as improperly secured virtual employees. These types of threats pose a risk to company data.
External threats often occur in public-facing sites, such as those used in e-commerce. With external threats, sensitive customer or personal information such as credit card numbers, social security numbers, and medical information is at risk.
Once you have identified the types of threats your site is at risk for, you should then organize them based on possible harm done. Create a list of each potential threat and detail how it could impact the business or customers. It’s not worrying; it is being prepared.
Organize the Threats
There are many potential threats to a website, and you likely cannot prevent them all. That is why it is important to organize them based on their potential risk. Start by assigning values to every potential risk you have already listed.
Give each risk a numerical value based on its potential damage. For a guide on how to do this, read this Microsoft Developer Network article. Rank each threat so that those that could pose the most damage are at the top. Don’t forget to identify and consider which functions of your site are impacted, such as:
Depending on how your website is used, a threat to privacy may be more critical than one that affects availability.
Create a Security Policy
Need some inspiration? Visit this Rutgers University page for a sample network security plan.
Although there are only three steps, website security is not a one-time thing. Threats often change, and security policies should be updated to reflect those changes. To keep your site secure, continue monitoring it for security risks and update the site and security policies as needed.