Security
Your privacy responsibilities
These days personal details are valuable pieces of information. Identity theft is big business so the need to ensure that your customer's information does not fall into the wrong hands is paramount.
If you collect and store personal details during the course of doing business the Australian Privacy Act mandates that you take steps to ensure that is not misused.
Australian law states that Business owners and even company directors can be seen as negligent if they don't take appropriate steps to protect their customer's private details and a leak occurs. The implications of an information leak is that a third party, like a credit card company, can seek to recover losses through the courts in the event that they can substantiate damages.
Some things you can do to protect your customer's privacy:
- Your website should display a privacy policy. This documents how you treat information, how you secure it and under what situations you disclose it to third parties. We can help with formulating a privacy policy for your site
- Internal business processes should ensure that information is protected at all times. Do not allow people who don't need to see private information access to it.
- Talk to us2, we have extensive experience in securing client information and helping businesses comply with regularity requirements.
Your site security
Most of the aspects of securing your site are our problem. To keep our servers and the information on them secure we employ the latest security techniques and technologies. We have an industry recognised security professional on staff to oversee the policies and procedures surrounding information security.
There are, however, some things you need to think of with respect to security. Think to yourself how many systems in your business have passwords which are easy to guess, are the same password which has been used for years and that everyone knows.
This may be convenient for internal systems where the computers are physically locked up at night. No one from the public has access to them and as such you get away with it.
A website is totally different! If you store customer and business information in back end systems on the web, then you need to make sure that the passwords are secure. Locks on your doors do nothing to stop people accessing this data. The protection is your password.
Rules of thumb with online passwords:
- Do not give passwords out to anyone
- Give each employee their own username and password, do not share a single password.
- Use tricky passwords, not single easy to guess words like your first name for example. Use a combination of letters and numbers.
- Change your password regularly
- TREAT PASSWORDS AS YOU WOULD KEYS TO DOORS!
- If you think any password has been compromised, contact us immediately.
Certificates and SSL
Sometimes you will need your customers to enter personal information, sometimes even credit card numbers. To ensure that nobody can intercept this information as it travels across the internet an SSL Certificate is used to scramble or encrypt the information.
When a website is encrypted you will see a picture of a padlock in your web browser. Double clicking on the padlock will verify who you are actually communicating with.
Talk to us if you have specific certificate needs, but in most scenarios our server certificates should meet your needs.