Secure Our World: Cybersecurity Awareness Month 2024

Takeaway: October is Cybersecurity Awareness Month. For 21 years, the U.S. government has set aside this month to help organizations strengthen their online security and protect sensitive information.

The 2024 theme is "Secure Our World." This reminds us that protecting sensitive information is a shared responsibility across all departments and roles.

SEE OUR SUPPORT PLANS

What is cybersecurity?

Cybersecurity means protecting important information and systems from threats. For state & local government agencies, courts, and universities, this includes:

• Protecting citizen and student data
• Securing financial information
• Safeguarding legal documents
• Maintaining secure websites
• Protecting internal networks

When it fails, you can face serious problems:

• Data breaches that expose sensitive information
• Website outages that disrupt public services
• Compromised systems that affect operations
• Loss of public trust
• Compliance violations
• Financial losses from cyber attacks

Related: 5 Essential Cybersecurity Questions to Ask IT Vendors →

The four stages of website security

Think of building a secure website like constructing a fortress. Each stage plays a role in keeping your information safe.

1. Technical architecture: Laying a secure foundation

Just like a building needs a solid foundation, your website needs strong security plans right from the start.

During this stage:

• We list all the tools and outside services the website will use
• We check if these tools are secure and up-to-date
• We plan how different parts will work together safely
• We identify what needs extra protection

A software integration inventory helps you mitigate risks, comply with regulatory standards, and respond effectively to security incidents.

Maintaining this inventory helps you gain control over your integrations, reducing exposure to vulnerabilities and enhancing overall security posture.

How to implement this on your site:

Creating your security inventory is like mapping everything your website needs to work. This includes:

1. Third-Party Tools and Software
   1. List every service that connects to your website
   2. Check if each tool has current security certificates
   3. Record which versions work best together
   4. Create update schedules for each tool
2. Security Documentation
   1. Write clear security guidelines
   2. List emergency contacts
   3. Create step-by-step security procedures
   4. Make security checklists for your team

Related: How to Keep Data Secure During CMS Migration →

2. Building the frontend and backend: Writing code with security in mind

When building the website, we add security at every step, like adding locks and alarms while building a house.

This means:

• Keeping different users' information separate
• Removing unnecessary features that could create security risks
• Following security best practices for all parts of the website

Separating customer data prevents user data from being accessed, altered, or compromised due to issues with another client’s data or system. This is especially critical in multi-tenant environments. And if a user’s data is compromised, isolated data limits the potential impact, preventing broader access to sensitive information.

Segregating customer data also helps meet regulatory requirements (e.g., GDPR, HIPAA) that mandate strict data privacy and protection protocols.

Disabling or removing non-essential modules also minimizes the number of potential entry points for attackers (especially since not all modules receive the same security treatment). Every module or feature is a potential security risk, so limiting them reduces exposure.

Related: Best Drupal Modules for Government Websites →

How to implement this on your site:

1. Protecting Customer Data
   1. Set up strong walls between different users' information
   2. Create different levels of access for staff members
   3. Encrypt sensitive information
   4. Make sure private data stays private
2. Cleaning Up Unnecessary Parts
   1. Remove any modules you don't need
   2. Keep only the essential features
   3. Update the modules you keep
   4. Check each module's security history
3. Password Encryption and Strength
   1. Decide on password strength for all users
   2. Ensure password encryption
   3. Limit failed login attempts
   4. Avoid common usernames like admin, test etc
4. Multi-Factor Authentication
   1. Enable multi-factor authentication (especially on government websites)

3. Testing: Hunting down vulnerabilities before they become problems

Before opening a new building, you check everything works safely. The same goes for websites:

• We use special tools to look for security problems
• We fix any weak spots we find
• We test to make sure fixes work
• We check if the website meets security requirements

To strengthen cybersecurity and demonstrate commitment to cybersecurity best practices, you need to resolve vulnerabilities found by a vulnerability scanner. It reduces attack surfaces and mitigates risks, instilling confidence among customers, partners, and regulatory bodies.

Related: Drupal 7 EOL: Risks and Security Strategies →

Many compliance frameworks (e.g., PCI-DSS, HIPAA, GDPR) also mandate regular vulnerability scans and timely remediation as part of their security requirements. This ensures compliance, helping avoid penalties and improving overall security standards.

How to implement this on your site:

1. Regular Security Checks
   1. Run security scans every month
   2. Test backup systems regularly
   3. Check for weak spots in your security
   4. Make sure all security tools work properly
2. Fix Problems Quickly
   1. Create a list of security issues found
   2. Rank problems by how serious they are
   3. Fix the most important problems first
   4. Test to make sure fixes work
3. Document Everything
   1. Record what problems you found
   2. Write down how you fixed them
   3. Keep track of when you made changes
   4. Save records of all security tests

SEE OUR SUPPORT PLANS

4. Deployment, launch & post-launch: Locking it down for launch and beyond

Security doesn't stop when the website launches. Like a building needs ongoing maintenance:

• We create plans for making safe updates
• We set up backup systems in case something goes wrong
• We make plans for handling security problems
• We keep watching for new security threats

Managing website changes requires a strong control system. Keeping track of who makes changes, when, and why reduces risk, maintains security standards, and prevents accidental problems. This organized approach keeps your systems running smoothly and protected.

And if (or when) problems happen, you need to get systems back up quickly to keep your organization running. Having a solid recovery plan that you regularly test helps you know exactly what to do in an emergency and get back to normal operations faster.

Lastly, a clear, well-practiced incident response plan will make your team more effective in responding to security incidents. This organized approach reduces security risks, maintains trust with users, and protects your organization's data.

How to implement this on your site:

1. Change Control Process
   1. Create rules for making changes
   2. Test changes before they go live
   3. Keep records of who makes changes
   4. Have a plan to undo changes if needed
2. Recovery Plans
   1. Create backup copies of everything
   2. Store backups in a safe place
   3. Test recovery procedures regularly
   4. Keep emergency contact information updated
3. Incident Response Plan
   1. Make a plan for security emergencies
   2. Assign roles to team members
   3. Practice responding to problems
   4. Keep the plan updated
4. Ongoing Maintenance
   1. Check security reports regularly
   2. Update software when needed
   3. Train new team members
   4. Stay informed about new security threats

Secure your website with Promet Source

At Promet Source, we strongly adhere to the NIST cybersecurity framework because we understand that security isn't just about adding features or running scans. It's about creating a complete security system that protects your organization and its users daily.

Our approach combines technical expertise with practical, real-world solutions. We help you build strong security foundations, maintain them effectively, and respond quickly when needed. With each website we build, we combine best practices in security architecture, careful development, thorough testing, and ongoing protection.

When you partner with Promet Source, you get a team dedicated to keeping your website secure and your organization safe.

Let's build and maintain a secure website that serves your needs today and adapts to tomorrow's challenges. Contact Promet Source to start your security journey.

SEE OUR SUPPORT PLANS