Top Security Tips for Web Design

by guestcontributor on April 22, 2011

Designing a website for a client isn’t as simple as throwing down some graphics and text boxes and peppering the page with links and tabs (as any good web designer should know).  While a lot of work goes into creating a design that is both functionally sound and aesthetically pleasing (not to mention indicative of the client’s brand sensibilities and technical needs), it all amounts to nothing if you don’t include the proper security measures to ensure that the site is safe from outside infiltration.  So when you contract to design a site, here are just a few of the many ways you can strive to protect the web space you create.

1.  Write your own secure code.  While some graphic design software will no doubt come with built-in security, there will more than likely be glitches that you can neither predict nor counteract effectively.  In order to guarantee the security of your code, you really need to write it yourself (or hire a qualified and reliable engineer).

2.  Protect sensitive information.  Encrypting your code is one thing, but you need to include extra security for sensitive information.  This can either be provided through the website or by an external security provider.  Often, the goal is to ensure that customers who enter personal information (such as a credit card number for a purchase) are protected from threats such as identity theft.

3.  Embed a system for authorization.  You don’t want just any Hacker Harry to wander onto your site and start changing things around.  So when you build the site, make sure to include varying levels of authorization (password protection) for access to administrative functions such as adding or removing content.

4.  Include an early warning system.  Adding an auditing system will allow you (or your client) to monitor activity on the website at all times.  But you will also want to build in a warning system that informs administrators when unusual usage occurs (such as high volume, password probing, or unscheduled changes).  By being aware of these issues as they occur, you can greatly reduce the risk of damage posed by hackers or other malicious attackers.

5.  Implement review and approval procedures.  Most websites will have certain areas that necessarily allow input from outsiders, from the inclusion of advertising to comments posted by visitors.  It is important to review anything that will be added to your site beforehand so as to avoid potential security risks.  Only through the approval process can you ensure the safety of your site and its contents.

6.  Add disaster recovery.  No matter how well you plan your security system, there’s someone out there who can break through.  For this reason, you really need to have a plan of action in place to recover data that has been corrupted or removed.  A separate system backup that is auto-updated will usually do the trick.

7.  Test everything.  You never know when you might have overlooked a tiny problem that could have disastrous results.  So make intensive QA part of your package unless you want to field a host of client complaints when they discover the mistakes you missed.
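
An added example (not from the original article) of the warning system described in tip 4: it scans audit records for the three signals named there, which are high volume, password probing, and unscheduled changes. The record layout, the thresholds, and the use of business hours as the approved change window are assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed thresholds; tune them to the site's normal traffic.
WINDOW = timedelta(minutes=5)
MAX_FAILED_LOGINS = 5        # per source IP per window
MAX_REQUESTS = 100           # per source IP per window
CHANGE_HOURS = range(9, 18)  # content edits expected 09:00-17:59

class SlidingCounter:
    """Counts events per key in a sliding window and alerts once per burst."""
    def __init__(self, limit):
        self.limit, self.seen, self.alerting = limit, defaultdict(deque), set()

    def hit(self, key, ts):
        q = self.seen[key]
        q.append(ts)
        while q[0] < ts - WINDOW:       # drop entries older than the window
            q.popleft()
        if len(q) <= self.limit:
            self.alerting.discard(key)  # burst is over; re-arm the alert
            return False
        if key in self.alerting:
            return False                # already reported this burst
        self.alerting.add(key)
        return True

def detect(events):
    """events: time-ordered (iso_timestamp, ip, action, detail) audit records."""
    failed, requests = SlidingCounter(MAX_FAILED_LOGINS), SlidingCounter(MAX_REQUESTS)
    alerts = []
    for stamp, ip, action, detail in events:
        ts = datetime.fromisoformat(stamp)
        if requests.hit(ip, ts):
            alerts.append(("high_volume", ip, stamp, detail))
        if action == "login_failed" and failed.hit(ip, ts):
            alerts.append(("password_probing", ip, stamp, detail))
        if action == "content_change" and ts.hour not in CHANGE_HOURS:
            alerts.append(("unscheduled_change", ip, stamp, detail))
    return alerts  # hand these to whatever notifies the administrators

# Constructed sample audit records (documentation-range IPs), not real traffic.
SAMPLE = [(f"2011-04-22T10:00:{s:02d}", "203.0.113.7", "login_failed", "admin")
          for s in range(0, 12, 2)] + [
    ("2011-04-22T10:05:00", "192.0.2.10", "login_ok", "editor"),
    ("2011-04-23T03:12:00", "198.51.100.4", "content_change", "/index.html"),
]

if __name__ == "__main__":
    for alert in detect(SAMPLE):
        print(alert)
```

Each counter reports a burst once and re-arms only after the count falls back under its limit, so administrators are not flooded with repeat alerts for the same incident.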

Leah Ryan writes for Grid Design Firm, a Chicago Design Firm specializing in web, online marketing, branding, and print.
