Planning a Secure Website in Three Steps

August 9, 2017

Many factors go into planning a business website, all of them relevant. To make an effective website, you’ll need to consider details such as design, content, and metrics. These aren’t the only considerations, however. You will also need to think about security.

Website security helps keep your business and customers safe. While it isn’t always thought about before building a website, including it in your site planning could save you time and trouble later. Below are three steps for planning a secure site.

Understand Your Risks

Before you can plan for an attack on your website, you need to first understand your potential threats. Threats can typically be separated into two categories: internal and external.

Internal threats

Internal threats usually come from inside your organization. They affect intranet-based websites and can come from obvious sources such as disgruntled workers or less obvious sources such as improperly secured virtual employees. These types of threats pose a risk to company data.

External threats

External threats often occur on public-facing sites, such as those used in e-commerce. With external threats, sensitive customer or personal information such as credit card numbers, social security numbers, and medical information is at risk.

Once you have identified the types of threats your site is at risk for, you should then organize them based on the harm they could do. Create a list of each potential threat and detail how it could impact the business or customers. This isn’t worrying; it is being prepared.

Organize the Threats

There are many potential threats to a website, and you likely cannot prevent them all. That is why it is important to organize them based on their potential risk. Start by assigning values to every potential risk you have already listed.

Give each risk a numerical value based on its potential damage. For a guide on how to do this, read this Microsoft Developer Network article. Rank each threat so that those that could pose the most damage are at the top. Don’t forget to identify and consider which functions of your site are impacted, such as:

  • Authentication
  • Availability
  • Authorization
  • Privacy

Depending on how your website is used, a threat to privacy may be more critical than one that affects availability.
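
The ranking step above, as an added example that is not from the original article: each threat's damage value is multiplied by a weight for the site function it impacts, so the same list ranks differently for an e-commerce site than for an informational one. The 1-10 damage scale, the weights, the threat entries and the names `score` and `rank` are assumptions made for illustration.

```python
from dataclasses import dataclass

# The four site functions listed in the article.
FUNCTIONS = ("authentication", "availability", "authorization", "privacy")

@dataclass(frozen=True)
class Threat:
    name: str
    source: str        # "internal" or "external"
    damage: int        # assumed scale: 1 (minor) to 10 (severe)
    functions: tuple   # site functions the threat impacts

# Constructed sample threat list (illustrative values only).
THREATS = [
    Threat("Stolen customer card data", "external", 8, ("privacy",)),
    Threat("Traffic flood takes site offline", "external", 9, ("availability",)),
    Threat("Disgruntled worker alters records", "internal", 7, ("authorization",)),
    Threat("Improperly secured virtual employee", "internal", 6,
           ("authentication", "privacy")),
]

# Constructed weights: how critical each function is for a given kind of site.
PROFILES = {
    "ecommerce": {"authentication": 1.0, "availability": 0.8,
                  "authorization": 1.0, "privacy": 1.5},
    "informational": {"authentication": 0.5, "availability": 1.5,
                      "authorization": 0.5, "privacy": 0.5},
}

def score(threat, weights):
    """Damage value scaled by the most critical function the threat touches."""
    if not 1 <= threat.damage <= 10:
        raise ValueError(f"{threat.name}: damage must be 1-10")
    unknown = set(threat.functions) - set(FUNCTIONS)
    if unknown or not threat.functions:
        raise ValueError(f"{threat.name}: bad functions {sorted(unknown)}")
    return threat.damage * max(weights[f] for f in threat.functions)

def rank(threats, weights):
    """Highest score first; ties broken by name so the order is stable."""
    return sorted(threats, key=lambda t: (-score(t, weights), t.name))

if __name__ == "__main__":
    for site, weights in PROFILES.items():
        print(site)
        for t in rank(THREATS, weights):
            print(f"  {score(t, weights):5.1f}  {t.source:8}  {t.name}")
```

With these sample values, the raw damage numbers put the traffic flood first, but the e-commerce weights move both privacy-related threats above it.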

Create a Security Policy

Once you have identified your potential threats and organized them based on severity, you can begin creating a security policy for the site's users. These security policies not only govern how the site should be used, but are also useful for site planning. Creating these policies saves companies time and money because they lower risk when followed. Security policies can be as simple as password-protecting certain pages, or as involved as disabling JavaScript and Java.

Need some inspiration? Visit this Rutgers University page for a sample network security plan.

Rutgers IT Security Plan

Although there are only three steps, website security is not a one-time thing. Threats often change, and security policies should be updated to reflect those changes. To keep your site secure, continue monitoring it for security risks and update the site and security policies as needed.
