Data privacy is a matter where the old adage “prevention is better than cure”, certainly applies. A small amount of harmful code uploaded to your website can cause massive damage, from a pop-up window opening to stolen sessions or passwords and complete system compromise. As part of your data security guidelines you should specify the frequency and duration at which your system is scanned for this type of malicious code and also what safeguards are in place to reduce the risk.

Update any scripts or software platforms that you employ on your site regularly. Hackers actively target security vulnerabilities in popular web software programs, and in the absence of timely updates, it opens your system up to attack. It is also recommended to restrict access to your network or database to only the minimum number of users needed to complete their job.

Make a plan to deal with potential breaches and designate a staff member to manage the process. Based on the nature of your business, you may be required to notify consumers, law enforcement agencies, customers, and credit bureaus. This is a major process that should be planned for well in advance.

Implement strong password requirements for consumer accounts. Ensure that you have a suitable method of storing passwords such as requiring the use of upper and lowercase numerals, letters and special characters as well as using salt and hash functions that are slow. Avoid storing sensitive user data, and when you do, reduce the risk level by encrypting the data or eliminating it after a certain amount of time.

click for source