Data privacy is one of the areas where the old adage “prevention is better than cure” is definitely true. A tiny bit of malicious code uploaded to your site can cause immense damage, ranging from an unwanted pop-up, to a stolen password or session, to complete system compromise. As part of your data security policy, you should define when and how often your system is scanned for this type of malicious code and what security measures are in place to mitigate the risk.

Regularly update any scripts or software platforms that you use on your website. Hackers are constantly looking for security flaws in popular web software, and a lack of timely updates exposes your system to attack. You should also restrict access to your network or database to the minimum number of people who need it to perform their duties.

Develop a plan of action to address any possible breaches. You should assign a person from your staff to manage the process. Depending on the nature of your business, you may need to notify consumers, law enforcement agencies, customers, and credit bureaus. This is a serious matter which should be planned in advance.

Create strong password requirements, for example requiring upper- and lowercase characters, numerals, and special characters, and make sure you have a way to store passwords. You can also make use of a salt and a slow hash function when storing them. Avoid the unnecessary storage of confidential user information, and when you do store it, minimize the risk by encrypting the data or deleting it after a period of time.
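The password requirements and salted, slow-hash storage described above can be combined as in the following added example, which is not code from the original article. The choice of scrypt as the slow hash, its cost parameters, the 12-character minimum and the stored record format are all assumptions made for illustration.

```python
import hashlib
import hmac
import os
import string

# Assumed values (not from the article): scrypt cost settings and minimum length.
SCRYPT = dict(n=2**14, r=8, p=1, dklen=32)
MIN_LENGTH = 12

def policy_errors(password):
    """Return the composition rules the password fails (empty list = acceptable)."""
    checks = {
        f"at least {MIN_LENGTH} characters": len(password) >= MIN_LENGTH,
        "an uppercase letter": any(c.isupper() for c in password),
        "a lowercase letter": any(c.islower() for c in password),
        "a numeral": any(c.isdigit() for c in password),
        "a special character": any(c in string.punctuation for c in password),
    }
    return [rule for rule, ok in checks.items() if not ok]

def hash_password(password):
    """Return a storable record: scrypt$n$r$p$salt_hex$hash_hex (assumed format)."""
    errors = policy_errors(password)
    if errors:
        raise ValueError("password needs " + ", ".join(errors))
    salt = os.urandom(16)  # fresh random salt for every password
    digest = hashlib.scrypt(password.encode(), salt=salt, **SCRYPT)
    params = [str(SCRYPT[k]) for k in ("n", "r", "p")]
    return "$".join(["scrypt", *params, salt.hex(), digest.hex()])

def verify_password(password, record):
    """Recompute the hash from the stored salt and parameters; constant-time compare."""
    try:
        scheme, n, r, p, salt_hex, hash_hex = record.split("$")
        if scheme != "scrypt":
            return False
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(hash_hex)
        digest = hashlib.scrypt(password.encode(), salt=salt, n=int(n),
                                r=int(r), p=int(p), dklen=len(expected))
    except ValueError:  # malformed or corrupted record
        return False
    return hmac.compare_digest(digest, expected)
```

Only the returned record is stored; because the salt and cost parameters travel with each hash, the parameters can be raised later without invalidating existing records.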