Data protection for web hosting
This week the Information Commissioner (the government body which regulates data protection) used his new powers to penalise data breaches for the first time, imposing heavy fines on those responsible (source).
While the protection of sensitive data has always been important, the new powers available to the Information Commissioner are a big reminder that it should be treated seriously by all businesses who hold sensitive data about customers. For those running a website which holds such data or handles online transactions it is important to make sure everything is being done in a secure and conscientious manner to help avoid problems in the long term.
For clients using our services we are always happy to advise and provide solutions in several different areas:
1. Server location
If your business is based within the EU and handles customer data, it is much better to be hosted on a server within the same region. If your website is hosted outside of the EU, extra procedures are required when handling your Data Protection registration.
2. Software Security
If your website takes orders or stores data online it is very important to keep your scripts and software up to date. Over time, vulnerabilities are discovered in third party applications, and once an exploit for one is public it can lead to major security issues. To avoid this we always recommend staying aware of updates to the software in use and carrying out upgrades as soon as they are available, especially in the case of security updates.
3. SSL Encryption
If your site gathers sensitive information from users such as payment information, names, addresses, etc., it is advisable to have this done over a secure SSL website connection. As well as encrypting the data passed through the connection, having that locked padlock in the browser goes a long way for customer confidence.
We can provide SSL certificates from £20.00 per year to existing hosting clients and those hosting elsewhere. For those already hosting with us we can take care of the whole process involved with installing the certificate on your behalf.
4. PCI Compliance
If you handle customer payments on your website you are required to be PCI compliant. This is a detailed set of tests and scans on your website to make sure that it is not exposing vulnerabilities or otherwise at risk of security issues. Having PCI compliance is also useful for those storing sensitive data online, as it checks that the website and server are secure and increases customer confidence.
We can assist with the whole process involved with being PCI compliant. You will require a managed vServer or dedicated server package (not available to shared/reseller hosting) which we can customise to your requirements so that all PCI scans pass. In the event of any issues with the first scan we will examine the results report and work to resolve each one by applying various settings and tweaks to our standard server configuration.
This is just a small selection of the issues involved with running a website and handling sensitive data online. We are always happy to advise clients on this topic so you can be sure that your websites are hosted in a stable and secure environment allowing you to concentrate on running your business!