Protecting the websites and the web servers against cyber-attacks involves the application of security measures both at a logical level (security of access and services) and at physical level.

Physical security consist in the closure of IT equipment in a dedicated space and the provision of access control.

Logical security consists in software that are necessary to control the access to information and services of a system. The logical level is divided into two categories: access security level and service security level.

Automatic update of the operating system from the servers is recommended for troubleshooting security breaches or uncovered programming errors. Updating installed applications in the operating system is only possible for licensed programs; the use of pirated programs can induce cybersecurity risks.

Installing antivirus or anti-spyware applications is required to secure the operating system from the server. These applications typically have two components:

• A component automatically launched at the start of the operating system that runs in the background and monitors users activity (running programs, web browsing, launching email attachments, installing various applications);
• A component that is running on demand when it is intended to effectively scan the operating system to search for malware.

Installing a firewall application is an essential requirement in ensuring the security of any server. The role of this program is to control the flow of information flowing between the user computer and another destination (either from the local network or from outside it).

A firewall can filter, accept, or block the transfer of data according to established security policies (blocking data theft or illegal connections to the server).

Protecting personal data is an important aspect. The way how personal information is provided on websites, should be done as responsibly as possible. The users must be attentive when providing data that could lead to their identification or identity theft (name, surname, date of birth, personal identification number, address, telephone, bank card details, etc.).

Some basic steps in storing personal data are:

• The use of complex, unique, hard to guess or break passwords, consisting of numbers, upper/lower case letters and special characters;
• Storage the minimum required data online and maximum discretion in providing them to a third party (users, companies);
• Using encrypted versions of protocols when sensitive information is exchanged so as to ensure data confidentiality and prevent identity theft;
• Encrypting all personal information when saved on different storage media.

An additional risk occurs when personal information is stored in client accounts on commercial websites, which may become the target of cyber-attacks anytime, so stored data becomes vulnerable.