Securing Your Kentico Website

4 min read

Nearly half of UK businesses have fallen victim to cyberattacks or security breaches within the last 12 months. With this statistic in mind, your website’s security is an essential consideration within the web development process and should be addressed at the very start. Before you begin the planning and design phases of your web project, necessary precautions should be in place to protect and secure both your own and, more importantly, your customer’s data.

Following rollout of the General Data Protection Regulation (GDPR) in May 2018, businesses now face penalties of up to £20 million or 4% of their annual global turnover – whichever is greater - if they are found to be non-data compliant. Following a data breach involving more than 500,000 customers personal data, British Airways were issued a fine of more than £183 million, the highest fine to date. This provides a stark warning of the implications of sub part website security. Combining our advice with Kentico’s out-of-the-box security features, you will be able to secure your website in no time.  

Assess your digital estate

There’s no denying that security can be complicated. Many websites have security issues that are considered later in a project or once development is completed ahead of launch. This approach can be problematic, incurring additional costs if addressed outside of the original project scope.

In our experience, the first point of call should be to conduct a full site audit, determining how secure your existing website is and what additional security protection needs to be implemented. This way, all security development work can be identified and included within the agreed scope, avoiding nasty surprises as the project progresses.

Establish roles and responsibilities

Identifying roles and responsibilities between you and your chosen web agency is essential to understanding who is doing what to ensure your data is fully protected and GDPR compliant. If any issues do arise, there will be no delay in acknowledging and fixing the issue.

  • The Data Controller is responsible for stating how and why your data is processed
  • The Data Protection Officer is your in-house expert on all things data and GDPR. This individual’s role is to educate the business on data protection and monitor compliance
  • The Data Processor, in a lot of cases, is your chosen agency or hosting provider. SLAs or Data Processing Agreements need to be put in place establishing how they can interact with your data to ensure it is handled safely and securely.

Use the latest version of Kentico

Businesses often put off upgrading to the latest website platform version in case new risks arise. However, platform developers make continuous fixes to each new version highlighting the necessity of staying informed and aware of any recommended security patches and available versions. As a result, you can rest assured knowing your website has the most recent and effective security enhancements. When a new version of Kentico is released, you still have the opportunity to test it out before changes are implemented or your site is migrated.

Utilise Kentico’s out-of-the-box features

Just one of the great features Kentico, they provide a whole host of out-of-the-box features as standard, ensuring your website is secure and valuable data is protected. These include:

  • Authentication including:
    • Forms authentication based on standard ASP.NET
    • Windows authentication and integration with Active Directory
    • Social Network authentication
    • Claim based authentication
    • Multi-factor authentication
    • Custom authentication mechanisms for your existing user databases or legacy systems
  • Double opt-in registration: User confirmation of registration is required via email to validate their email address.
  • Integration with reCaptcha: Protecting your website from spam, abuse and detecting bots in just one-click, Kentico offers an integration with Google reCaptcha. Its advanced risk analysis engine is capable of identifying a bot vs a human user.
  • Anti-cross-site request forgery (CSRF) tokens: Protecting your Kentico website against CSRF vulnerabilities, CSRF Tokens protect you by validating requests without impacting site performance

If these features aren’t enough peace of mind, you can rest assured that with every new update and iteration, the Kentico platform undergoes extensive and detailed security testing by their highly skilled developers.

Choose the right hosting partner

There are many factors to consider when choosing your hosting partner. We’re seeing more and more suppliers emerge who provides budget hosting as cheaply as possible, sacrificing performance, scalability and more importantly, security.

Over the past 15 years, we’ve partnered with Rackspace and Alert Logic who are the backbone to our digital services. From anti-virus software to regular OS patching and monitoring, using a reputable hosting service that gives you unlimited security and support is essential for any application. Our skills range from Content Delivery Networks (CDNs) and Web Application Firewalls (WAFs) to Distributed Denial of Service (DDoS) mitigation and Intrusion Detection.

This part of our services is of the utmost importance to us. We work closely with the team at Rackspace to ensure we’re always giving clients the best advice and recommendations throughout your project and beyond launch.

Injection attacks

Hackers use a range of techniques to exploit weaknesses within a website. This is done to gain access to information they shouldn’t be accessing, modify sensitive data or wipe out data altogether. These vulnerabilities, such as SQL Injection and Cross Site Scripting XSS, usually provide access to databases via web user input or form validation by inputting code that implements on the service side. There are a number of ways to prevent these kind of attacks, but the key is to use a combination of methods during both development and testing to mitigate.

Have a plan

Implementing these security tips and utilising Kentico’s out-of-the-box security features will help prevent cyberattacks, but it’s equally important to have a functioning recovery plan to get you back on track should disaster strike. Having a backup of your website will help reduce the impacts and prevent a massive project from occurring to get your website back on track. Instead, you will be equipped with the recent, undamaged files to quickly restore your website’s files and valuable information.

Customers expect a secure website to browse and utilise. With cyberattacks regularly occurring, it’s more important than ever to step up your online security and provide a site that your users can trust. Combining our advice with Kentico’s out-of-the-box security features and recommendations helps to reduce the chances of your website’s security being compromised, an issue that could create irreparable damage. If you would like to chat more about how to improve the security of your website, contact our knowledgeable team today.

Thoughts. Opinions. Views. Advice.

Related Insights

1 of 1