iASP Client Login

Website Security

Website Security

Votes: 0 I found this article useful. I didn't find this article useful.Score: 0 Vote Score
Website Security


Prevention is key when it comes to Website Security. Simple proven techniques can significantly reduce the risk and consequences of an attack.

Your website security policy should provide clear guidelines for all employees who are able to login and manage the website.

The policy should cover rules and procedures such as who can have administration access, password security, general website rules and regulations, content guidelines and more.   

Further information about developing a website security policy is available via these resources:

Privacy Policy 

If you collect any data from website visitors, even if it's only via a simple contact form, you are required by Australian Law to publish a privacy policy.

Your privacy policy must explain what happens to the data visitors submit to your website.

We recommend integrating your privacy policy within your general website Terms of Use and publishing the details on your website with clear access for public visitors.  

For your reference, the Enotia privacy policy is included on the iASP General Terms of Use, located in the footer of the iASP website here

For more information on the Australian Privacy Policy requirements and private policy templates can be found via these resources:

Rules to Help Manage your Website

Below are some of our key recommendations to consider when implementing website security protocols. 

1. iASP System Administration Access
iASP System Administration access provides high level access to the website content management system (CMS). System Administrators can edit website content, access the user database, view user private information and more. Consider the following: 

  • How many employees in your organisation have website system administration access? 
  • Who are they?
    We recommend limiting system administration access to 1-2 employees only.
  • Have iASP system administrators completed the registration using their individual business e-mail address or do multiple administrators login using one e-mail address? i.e. a general e-mail such as info@xxx. 
    We strongly recommend registering each individual system administrator with their individual company email address.
  • When system administrators are accessing the website internally (in the workplace) and /or remotely (from a portable device), what security practices are in place? i.e. Does the administrator's computer have automatic lock screen time-out set? 
  • Can administrators access the site from a public computer or shared public network?
  • What is the process for on-boarding and off-boarding a system administrator? i.e. when a system administrator employment ceases, do you remove their administration access?

2. Password Requirements 
Password security plays an important role in securing your website and the private information collected. Consider the following:
  • Does your business have a password policy for accessing the company website? i.e. are system administrators required to change their passwords every few months?
  • Password Privacy - When a customer has forgotten their website login password and they contact your business, how do you identify the customer? What is your policy for providing password assistance? 
  • Create a password policy procedure that outlines strong password requirements and password confidentiality 

3. Content Policy 
A organisational content policy can help provide a clear outline of how content is used, conveyed, managed and protected. A content policy could include:
  • The responsibilities of content authors and editors 
  • Details of the content approval process
  • Roles and Responsibilities of content authors and editors including inappropriate content and other misconduct 
  • Ownership of content - copyright, proprietary rights, trademarks

4. Disaster Recovery Policy
If the worst happens, what are your plans to recover?
A disaster recovery policy that can be enacted immediately as required is mandatory for all businesses publishing a corporate website.
Documenting who is responsible for specific tasks and clear instructions relating to task priorities and execution procedures can significantly reduce the impact of serious security breach.

No Comments Posted