Protecting Our Systems Against Data Breaches

While there are NO GUARANTEES against a cyber-attack, we are working hard to increase security on our websites and web applications by using industry standards that defend against several types of cyber-attacks. The start of the Russia-Ukraine conflict in early 2022 increased the likelihood of cyber-attacks against US businesses, both public and private. As a result, the Cybersecurity & Infrastructure Security Agency released a Shields Up Advisory wherein they "recommend that all organizations—regardless of size—adopt a heightened posture when it comes to cybersecurity and protecting their most critical assets". Cadresoft immediately responded to this advisory by reviewing all of our corporate and client websites, which were already protected by several of the security features defined below. We therefore focused primarily on Content Security Policy, clickjacking and cross-site scripting.

SQL injection is a technique that attackers use to gain unauthorized access to a web application's database by adding a string of malicious code to a database query. A SQL injection manipulates SQL code to provide access to protected resources, such as sensitive data, or to execute malicious SQL statements. Our websites have been designed and developed using industry standards and best practice methods to protect against SQL injection.

Software updates prevent hackers from taking advantage of known vulnerabilities in software, which can lead to a data breach and other attacks. We use the latest version of any software used to develop your website, especially if your website is under a maintenance plan.

Sanitizing and validating user input helps protect your website and data from being hacked or compromised. We never trust user input when we ask users to complete forms on websites. Instead, we design your website to ensure that the data provided by a user is what is expected. For example, if we are asking the user to provide a date, we force the user to select the date from a calendar or force the date to be correctly formatted and warn the user when a bad date has been entered. When the user clicks the submit button on the form, the date is evaluated to verify that it is valid. If the date is not valid, the date is rejected, and the user is presented with an error message.

A Content Security Policy (CSP) is a security standard that provides additional layers of protection from cross-site scripting (XSS), clickjacking, and other code injection attacks. A CSP helps ensure that the content loaded in the webpage is trusted, which increases protection against various forms of cyber-attacks.
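The following is an added example, not Cadresoft's own code: a small Node.js check that parses a `Content-Security-Policy` header value and reports the gaps that most weaken its protection against XSS and clickjacking. The two sample policies and the function names are constructed for illustration.

```javascript
// Constructed sample policies (not taken from any real site).
const WEAK = "default-src *; script-src 'self' 'unsafe-inline'";
const HARDENED =
  "default-src 'self'; script-src 'self'; object-src 'none'; frame-ancestors 'none'";

// Parse "directive value value; directive value" into a Map of lowercase tokens.
function parseCsp(header) {
  const policy = new Map();
  for (const part of header.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // Browsers ignore a repeated directive: the first occurrence wins.
    // Values are lowercased for keyword matching only (nonces are case-sensitive).
    if (!policy.has(name)) {
      policy.set(name, tokens.slice(1).map(t => t.toLowerCase()));
    }
  }
  return policy;
}

// Return a list of findings; an empty list means none of these gaps were found.
function auditCsp(header) {
  const policy = parseCsp(header);
  const findings = [];

  // XSS: script-src falls back to default-src when it is absent.
  const scripts = policy.get('script-src') || policy.get('default-src');
  if (!scripts) {
    findings.push('no script-src or default-src: the policy does not restrict scripts');
  } else {
    // Browsers ignore 'unsafe-inline' when a nonce or hash source is present.
    const hasNonceOrHash = scripts.some(s => /^'(nonce-|sha(256|384|512)-)/.test(s));
    if (scripts.includes("'unsafe-inline'") && !hasNonceOrHash) {
      findings.push("script-src allows 'unsafe-inline': injected inline scripts will run");
    }
    if (scripts.includes("'unsafe-eval'")) {
      findings.push("script-src allows 'unsafe-eval'");
    }
    if (scripts.some(s => ['*', 'http:', 'https:', 'data:'].includes(s))) {
      findings.push('script-src allows scripts from any host or scheme');
    }
  }

  // Clickjacking: frame-ancestors does NOT fall back to default-src.
  const ancestors = policy.get('frame-ancestors');
  if (!ancestors) {
    findings.push('no frame-ancestors: the policy lets any site frame the page');
  } else if (ancestors.includes('*')) {
    findings.push('frame-ancestors allows any site to frame the page');
  }
  return findings;
}

console.log({ weak: auditCsp(WEAK), hardened: auditCsp(HARDENED) });
```
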

SSL certificates keep internet connections secure and prevent hackers from reading or modifying information transferred between two computer systems, such as the connection between your PC and your website. When you see a padlock icon next to the URL in the address bar, that means an SSL certificate is protecting the website you are visiting. If a hacker intercepts the data being transmitted between your PC and the website, the data is useless to the hacker because it is encrypted. Data being transmitted can be sensitive in nature, such as names, dates of birth, credit card info and user passwords. Most modern browsers now report a website as “Not Secure” when an SSL certificate is not used on the website.

Cross-site scripting (XSS) is a common attack that can compromise user accounts, activate trojan horse programs and cause your website visitors to release private information. A successful cross-site scripting attack can have devastating consequences for an organization’s reputation and its relationship with its clients.

Clickjacking is an attack that tricks website visitors into downloading malware, visiting malicious web pages, or providing credentials or sensitive information. Clickjacking can have a negative impact on the reputation of your website and your business.