Written by Andy Mardell, Technical Account Manager
Your company might already have security policies in place, but a quick refresher ensures nothing slips through the cracks. For Data Privacy Day this year, we’re giving you a checklist of security policies you need to keep on top of.
Grab your free checklist. No forms, no faff.
These are our recommendations for all our clients. Depending on the value and sensitivity of your data, you might want to adjust the frequency to suit your needs.
An annual penetration test from an independent third party identifies weaknesses in your code and server configuration. We always recommend one after completing a website or app build, plus annual reviews or tests following significant code changes. If you need help finding a pentest company, get in touch.
Check who has admin access to your CMS or back office systems. Do they still need it? Could their permissions be downgraded from Admin to User level?
And, every six months, have a spring clean. Review everyone with CMS or back office access. Ask if they still need it. Are their details current? When did they last change their password? If you have a Leaver Policy, add system removal to your off-boarding checklist.
Have I Been Pwned lets you search data breaches to see if your email or phone number has been compromised. This matters less if you use unique passwords for each account, but if you've reused passwords, a quick check here is worth five minutes.
2 Factor Authentication (2FA) requires a randomly generated code from your phone alongside your password. Once you've entered your credentials, you'll need your 2FA app to get the unique access code. Some of our top 2FA apps include Microsoft Authenticator, Google Authenticator, and Aegis Authenticator.
While you're at it, check your 2FA app and remove any old devices.
We've all reused passwords or used obvious variations like 'Sunsh1ne', 'Sunsh2ne'. Password managers eliminate this risk by securely storing your passwords and auto-filling them. They're built into operating systems like macOS and browsers like Microsoft Edge. At Si digital, we use 1Password.
Complex passwords take longer to crack. Mix upper and lowercase letters, special characters, numbers, and punctuation. With a password manager handling the heavy lifting, you won't need to remember them anyway.
Public Wi-Fi at coffee shops, hotels, or airports is convenient but risky. Hackers can intercept your data on unsecured networks. A VPN (Virtual Private Network) encrypts your connection, keeping your browsing and login credentials safe. This is particularly important when accessing your CMS or business systems remotely. Many businesses provide VPN access to their teams. If yours doesn't, ask your IT department about setting one up.
This one's on us, and we often do it without you noticing. Keeping software, packages, and plugins current with the latest security patches is essential. Sometimes these updates happen in the background; other times they need thorough implementation and testing.
Grab your free checklist. No forms, no faff.
Data breaches happen almost daily. Even to the world's biggest and supposedly most secure companies. Just look at Jaguar Land Rover or Marks & Spencer. There's never been a better time to review your security setup. These steps could prevent a serious headache.
Got questions or need help? Get in touch.
Have a read of some of our other articles
When it comes to website rebuilds and CMS options, it can be a confusing and difficult decision to make. Here at Si digital, we’ve made the move over to Payload CMS.
A decade after flat design took over, Apple is preparing us for a world beyond the screen, and Liquid Glass is our first look at it.
