Data privacy is a case where the old saying “prevention is better than cure” certainly applies. A small piece of harmful code uploaded to your site can cause immense damage, from a pop-up window opening to a stolen session or password and complete system compromise. As part of your data security policy, you should specify how often and in what manner your system is scanned for this kind of malicious code, and what safeguards are in place to reduce the risk.
Regularly update any software or scripts that you use on your website. Hackers are able to exploit security holes in popular web software programs, and without timely updates your system is left open to attack. It is also recommended to limit database and network access to the minimum number of people who need it to perform their jobs.
Create a plan of action to address any possible breaches. You should designate a staff member to manage the process. Based on the nature of your business, you might need to inform law enforcement, customers and credit bureaus. This is a serious issue which should be planned in advance.
Implement strong password requirements, for example requiring upper and lowercase characters, numerals and special characters, and make sure you have a safe way to store passwords. Additionally, you can use salts and slow hash functions when storing them. Avoid storing confidential data about users. When you do need to keep it, you can limit the risk by encrypting it or deleting the data after a specific time.