October is Cyber Security Month and it’s a good excuse to assess your web applications and website security before the holiday season.

Few things pose as much risk as an attack aimed at your website. Consider the impact of data breaches to Target, Home Depot and, most recently, Experian and the American Bankers Association. It seems that not a week goes by without a new massive breach making headlines.

While organizations often think of protecting their network, website security is often overlooked, leaving a massive vulnerability open to exploitation. How can you ensure your web applications and website are safe? Use these five tips to make sure your security is where it needs to be:

1)  Protect what matters: your web applications and data

Your website is the most visible and most vulnerable part of your business. The more feature-rich your website is, the more vulnerable it is. Web applications are what create, present, modify, and store data. It’s no surprise that 80% of website attacks are aimed directly at them. While you want to engage your customers with a highly interactive site, providing a safe user experience should be a top priority.

2) Make updating your software a habit

Hackers scan thousands of websites every hour in search of vulnerabilities. Companies should make sure plugins, themes and platform installations are updated to their latest versions. It is important to run updates and apply security patches when using third-party software on your website.

3) Don’t cause your own data breach – educate your employees

Nearly 80% of the U.S. population shops online. Consumers rely on retailers for providing a safe transaction. In fact, 71% of consumers feel it is up to online retailers to ensure the protection of their information. According to recent studies, a leading cause of data breaches are caused by non-malicious employee error. Educating and training employees is a critical element of website security. Employees should follow good password practices by using strong passwords and changing them regularly.

4) Have a plan and stick to it

It is important that companies prepare ahead by working with security consults to implement a response plan. The average cost of a data breach is $3.8 million. Research reveals that organizations with a strong security formal response plan in place prior to an incident can significantly reduce the average cost of a breach. It’s not a matter of if, but when. Have a plan of action on how your company will respond if a breach occurs for both internal processes and external communication.

5) Take the time to test your security

When you think you’re safe, it’s time to test that theory with penetration testing. A penetration test is an authorized attempt to evaluate the security of your IT infrastructure by safely attempting to exploit vulnerabilities.

SiteLock TrueShield Web Application Firewall can help you avoid being hacked, and TrueCode Application Security Testing can test your web apps for vulnerabilities before you launch. Contact SiteLock today.