Anushka Bandara is warning businesses and consumers to be aware of the increasing rate of cyber and phishing attacks that are taking place across the country.

Bandara is the CEO and cofounder of Elegant Media, one of Australia’s leading app and software development companies. The business works with government, corporates, entrepreneurs and businesses of all sizes to develop and deliver cutting-edge tech solutions including software and apps.   Harnessing the power of machine learning and artificial intelligence, Elegant Media has been able to build some of the country’s leading apps for government including the Department of Defence and the ATO.

“During the pandemic, online shopping and social media interaction increased by over 400 percent,” Bandara said.

“This has created the perfect environment for tech-savvy scammers to target people. Regardless of whether you are engaging online via a retailer’s website or mobile app, there are five security features that every website and app must include to safeguard the business and users.

“Businesses urgently need to increase the security features of their websites and apps. Companies possess large amounts of client data and information. If you do not keep up to date with digital security, you are leaving your data and information open to online criminals and hackers and your customers vulnerable.”

Bandara has identified five important security features to include in any website or app.

1. Obtain an SSL Certificate for websites and apps 

“Businesses should have an SSL certificate installed on their website and app because it secures online transactions and keeps customer information safe and private. SSL stands for Secure Sockets Layer. An SSL is a digital certificate that authenticates a website’s identity and enables an encrypted connection. This is a security protocol to create an encrypted link between a web server and a web browser. The SSL keeps the internet connections safe and stops criminals from reading or modifying information transferred between two systems,” Bandara explained.

“Consumers should always check to see if a website’s URL starts with https, if so then this means that the site has an SSL certificate. If it doesn’t, then be very careful.”

2. Store data within Australia 

“Australia’s data sovereignty law requires data to be kept in a data centre in Australia. All data held in Australia is subject to, and is protected by our Australian Privacy Principles (APPs). Aside from complying with privacy laws and meeting APP obligations, storing your data in Australia can help to prevent a breach from occurring,” Bandara said.

“Data sovereignty prevents unauthorised foreign contractors from accessing the information. If your data was held overseas and a breach occurred, you might not be able to inform your customers in Australia.

“Unfortunately many businesses do not understand the complexities associated with hosting and they simply sign up to website hosting arrangements with providers online and have no idea where their website and customer data is held.

“Businesses should be checking to ensure their site and data is hosted in Australia.”

3. Provide a prominent user Sign Out option 

“A lot of people are unaware of this, however, logging out prevents other users from accessing their information without verifying their credentials. This is why some companies, for example, banks, have an automatic sign-out after a short period of time. Logging out is an important part of security, so the sign out option should always appear prominently for users’ convenience,” Bandara said.

“Ideally, in addition to a prominent Sign Out option, there should be time out prompts as well.  It is important to ensure users do not leave accounts open and unattended online.”

4. Use a third-party authenticator app for client login 

“A third-party authentication app such as Google Authenticator is used to generate a login code so that a company can confirm the user’s identity when they log in from a new device for the first time,” Bandara said.

“The app provides the second part of a two-factor authentication (2FA). A Microsoft report from 2019 concluded that using a third-party authenticator blocked 99.9 percent of automated attacks. You should therefore see it as a necessity. Once it’s set up, it only adds one extra step to logging in, so it’s worth doing it. If you don’t then you’re opening yourself up to hackers and theft of private information.

“While 2FA can often seem onerous, the risk reduction it delivers is worth it.  Just remember, your computer and handheld device may ask you to save sign-in settings. Where possible, try to avoid doing this.   The settings will be stored in your browser and hackers can easily access, steal and use this.”

5. Get users to accept cookies before browsing the app or website

“Cookies are text files with small amounts of data, for example, the user name and password, that are used to identify the customer when they enter your website. The data is labelled with a unique ID. When the cookie is exchanged between the user and network server, the server reads the ID and knows what information to send out,” Bandara added.

“This frees up your storage space on your server, and brings down your server maintenance and storage costs, while also allowing you to personalise your customer’s experience.”

Recognising the importance of digital security

“Digital security preserves the integrity of your data and keeps your clients’ information secure. Investing in cyber security brings you peace of mind. It is important to keep abreast with new digital security challenges as they emerge,” Bandara added.

“Making sure that your website or app has sufficient security features can safeguard you from a cyber attack. Besides the inconvenience, invasion of security and loss of trust from your clients, the cost of data recovery, damages and your reputation are immeasurable.”