Websites can be compromised on a number of levels. It is important to be aware of the threats at every level and to put into place practices that will mitigate the risks as far as reasonably possible. Digital Garden takes a number of steps to ensure that the sites it builds remain secure as far as possible.
- Team knowledge - The development team is aware of their responsibilities around data privacy and security of user data as well as the confidentiality around client know-how and data.
- Secure code - The development team is trained in best practices around writing Drupal code in a secure manner and avoiding common mistakes around the sanitisation and handling of data.
- Strong passwords - We enforce strong passwords and TFA for user accounts and ensure that site credentials are not shared between developers for production machines.
- Secure applications - We harden our websites with a number of best practices approaches. Our sites are able to pass penetration tests conducted by third parties.
- Regular site maintenance - Drupal is constantly being updated and security issues are fixed. We monitor the security alerts coming through and proactively fix sites when they are covered by one of our support and maintenance plans.
- Police checks and baseline clearance - All of our staff members must undertake a Federal Police check before commencing work on any of our projects. Many of our Australian team have attained baseline security clearance to work on Federal Government projects.
