Five security features your website and app must include


Businesses urgently need to increase the security features of their websites and apps. Companies possess large amounts of client data and information. If you do not keep up to date with digital security, you are leaving your data and information open to online criminals and hackers and your customers vulnerable.

I have identified five important security features to include in any website or app.

1. Obtain an SSL Certificate for websites and apps

SSL (Secure Sockets Layer) is a digital certificate that authenticates a website’s identity and enables an encrypted connection. Businesses should have an SSL certificate installed on their website and app as it keeps the internet connections safe and stops criminals from reading or modifying information transferred between two systems.

Consumers should always check to see if a website’s URL starts with HTTPS, if so then this means that the site has an SSL certificate. If it doesn’t, then be very careful.

2. Store data within Australia

Australia’s data sovereignty law requires data to be kept in a data centre in Australia. Data sovereignty prevents unauthorised foreign contractors from accessing the information. If your data was held overseas and a breach occurred, you might not be able to inform your customers in Australia.

Unfortunately, many businesses do not understand the complexities associated with hosting and they simply sign up to website hosting arrangements with providers online and have no idea where their website and customer data is held. Businesses should be checking to ensure their site and data is hosted in Australia.

3. Provide a prominent user sign-out option

Logging out prevents other users from accessing their information without verifying their credentials. This is why some companies, for example, banks, have an automatic sign-out after a short period of time. Logging out is an important part of security, so the sign-out option should always appear prominently for users’ convenience.

Ideally, there should be time out prompts as well. It is important to ensure users do not leave accounts open and unattended online.

4. Use a third-party authenticator app for client login

A third-party authentication app such as Google Authenticator is used to generate a login code so that a company can confirm the user’s identity when they log in from a new device for the first time.

The app provides the second part of two-factor authentication (2FA). A Microsoft report from 2019 concluded that using a third party authenticator blocked 99.9 per cent of automated attacks. You should therefore see it as a necessity. Once it’s set up, it only adds one extra step to logging in, so it’s worth doing it. If you don’t then you’re opening yourself up to hackers and theft of private information.

Your computer and handheld device may also ask you to save sign-in settings. Where possible, try to avoid doing this. The settings will be stored in your browser and hackers can easily access, steal and use this.

5. Get users to accept cookies before browsing the app or website

Cookies are text files with small amounts of data that are used to identify the customer when they enter your website. The data is labelled with a unique ID. When the cookie is exchanged between the user and network server, the server reads the ID and knows what information to send out.

This frees up your storage space on your server and brings down your server maintenance and storage costs, while also allowing you to personalise your customer’s experience.

Digital security preserves the integrity of your data and keeps your clients’ information secure. Investing in cyber security brings you peace of mind. It is important to keep abreast with new digital security challenges as they emerge.