New business cyber bootstrap

Websites

Spam Prevention

Spammers, scammers and other miscreants will commonly scrape contact information from websites for their evil purposes. You can help to reduce this by either having a robust and secure web contact submission form or converting any scrape-able text into an image.

You can identify where your email address may be exposed by Googling for "@ +mydomain.com" or intext:"@ +mydomain.com". Then comes the process of having the information removed or redacted (or in some cases reporting those that have harvested and exposed the information).

If you are using iCloud, there is also an awesome email relay service that iCloud provides. This can enable location-specific relay email addresses, which can help to identify the source of any spam and enable blocking or deletion should it occur.

Encrypting traffic to and from your website

Secure Sockets Layer (SSL), today delivered by its successor Transport Layer Security (TLS), provides encryption (protecting data from prying eyes) and authentication (helping to ensure we are talking to the real website).

Digital certificates that support SSL are a great way of protecting your visitors as well as improving confidence in your website and brand. These can be obtained for free via the good folk at Let's Encrypt.

Protecting visitors against attack

Content Security Policy (CSP) helps to protect your website visitors against a range of nasty security issues (such as Cross-Site Scripting). You can test your own website using the tool created by this fine security gentleman.

Creating a Content Security Policy for your website can be very challenging. There are a few good options to make life easier. You can leverage a paid service like the one provided by Sucuri or schlep it out manually using workers and Cloudflare.

Security Testing your website

Security testing of your website should ideally be commensurate with the value of the site to your business and the value of the information it holds or collects. Testing is often the last line of defence to help reduce the risk of website compromise.

Assuming you have the necessary authorisation, you can conduct some free basic security testing of your website using Snyk. More comprehensive security testing can be provided by a professional testing company such as those referenced on CREST Australia's site.

DoS/DDoS Protection

Protecting your website against Denial of Service (DoS) can be complicated. Thankfully the awesome team at Cloudflare can help. Their free basic service can provide protection against a wide range of attacks, speed up your site and offer many other security features.
