Businesses must be aware of the increasing rate of cyber and phishing attacks, according to Anushka Bandara, CEO and co-founder of leading app and software development company, Elegant Media.

The business works with government, corporates, entrepreneurs, and businesses of all sizes to develop and deliver cutting-edge tech solutions including software and apps by harnessing the power of machine learning and artificial intelligence.

“During the pandemic, online shopping and social media interaction increased by over 400%. This has created the perfect environment for tech-savvy scammers to target people. Regardless of whether you are engaging online via a retailer’s website or mobile app, there are five security features that every website and app must include to safeguard the business and users,” Bandara said.

“Businesses urgently need to increase the security features of their websites and apps. Companies possess large amounts of client data and information. If you do not keep up to date with digital security, you are leaving your data and information open to online criminals and hackers and your customers vulnerable.”

Bandara has identified five important security features to include in any website or app.

  1. Obtain an SSL Certificate for websites and apps 

Businesses should have an SSL certificate installed on their website and app because it secures online transactions and keeps customer information safe and private.

“SSL stands for Secure Sockets Layer. An SSL is a digital certificate that authenticates a website’s identity and enables an encrypted connection. This is a security protocol to create an encrypted link between a web server and a web browser. The SSL keeps the internet connections safe and stops criminals from reading or modifying information transferred between two systems,” Bandara explained.

2. Store data within Australia 

Australia’s data sovereignty law requires data to be kept in a data centre in Australia.

“All data held in Australia is subject to, and is protected by, our Australian Privacy Principles (APPs). Aside from complying with privacy laws and meeting APP obligations, storing your data in Australia can help to prevent a breach from occurring,” Bandara said.

“Data sovereignty prevents unauthorised foreign contractors from accessing the information. If your data was held overseas and a breach occurred, you might not be able to inform your customers in Australia. 

“Unfortunately many businesses do not understand the complexities associated with hosting and they simply sign up to website hosting arrangements with providers online and have no idea where their website and customer data is held. 

  1. Provide a prominent user Sign Out option

Logging out prevents other users from accessing their information without verifying their credentials. “This is why some companies, for example, banks, have an automatic sign-out after a short period of time. Logging out is an important part of security, so the sign out option should always appear prominently for users’ convenience,” Bandara said.

“Ideally, in addition to a prominent Sign Out option, there should be time out prompts as well.”

  1. Use a third-party authenticator app for client login 

A third-party authentication app such as Google Authenticator is used to generate a login code so that a company can confirm the user’s identity when they log in from a new device for the first time.

“The app provides the second part of a two-factor authentication (2FA). A Microsoft report from 2019 concluded that using a third-party authenticator blocked 99.9% of automated attacks. You should therefore see it as a necessity. Once it’s set up, it only adds one extra step to logging in, so it’s worth doing it. If you don’t then you’re opening yourself up to hackers and theft of private information,” Bandara said.

  1. Get users to accept cookies before browsing the app or website 

Cookies are text files with small amounts of data, for example, the user name and password, that are used to identify the customer when they enter your website.“The data is labelled with a unique ID. When the cookie is exchanged between the user and network server, the server reads the ID and knows what information to send out,” Bandara added.

“This frees up your storage space on your server, and brings down your server maintenance and storage costs, while also allowing you to personalise your customer’s experience.”