Our commitment to cyber security

According to a government survey, half of businesses and a third of charities (32%) reported some sort of cyber security breach in 2024.

Just 11% of businesses said they review cyber security risks posed by their immediate suppliers. Smaller organisations in particular tend to have limited formal procedures in place to manage cyber security risks in their supply chains.

At Adaptable we build, launch and manage websites and digital products that are often integral to our clients’ digital operations. For that reason, we’ve always committed ourselves to the highest standards of security to ensure that we are a secure link in our clients’ supply chains.

Here’s a bit more detail about our commitment to security.

Client-side: secure platforms

When it comes to website and digital products, we ensure security is baked into the development and launch process.

All of our websites are hosted on secure servers with 24/7 monitoring for vulnerabilities and unexpected file changes. We can also add additional measures including web application firewalls and PCI compliance for eCommerce projects.

We typically work with two CMS platforms: Enterprise WordPress and Sanity. Although setup is slightly different for each, the level of security remains the same.

For Enterprise WordPress, we utilise:

• Enforced password strength
• Multiple login fail lockouts
• Non standard admin URLs

For Sanity, security measures include:

• Secure backend hosting provided by Sanity, and we can provide or recommended secure frontend hosting
• Authentication tokens for user access and API requests
• Private datasets that only authenticated users can read/access

In addition, for headless projects, security is enhanced due the frontend and backend being separated, reducing the attack surface.

We also recommend an ongoing support and maintenance plan as a minimum to ensure core systems and plugins are kept up to date and secure.

Internal: secure operating policies

Ensuring our internal policies are secure is equally as important as building and maintaining secure digital experiences. To ensure our internal operations are held to the highest possible standards, we hold the Cyber Essentials accreditation.

Cyber Essentials is a government-backed certification scheme, recommended as a minimum standard for cyber security for all organisations – no matter the size or the industry. The accreditation is achieved through a combination of self-assessment and independent audit and is renewed annually to ensure compliance.

Measures we have in place to comply with the Cyber Essentials standards include:

• Secure device configuration and update management – devices are kept up to date with the latest OS, admin control on all devices, etc
• User access control – two-factor authentication on all applications housing client information/data, no access to internal systems from personal devices
• Malware protection and firewalls – ensuring malware protection and firewalls are activated on all devices

If you’re looking for a partner that prioritises security while building and managing websites or digital products, we’d love to chat. Get in touch to learn how we can help create a secure and scalable digital experience for your business.