To reduce the chance of this occurring, follow these suggestions and best practices to improve your web security:
Use HTTPS on your website
Benefits of using HTTPS. HTTPS is a way to encrypt information that you send between a browser and a web server. This protects your website’s users from "man-in-the-middle" attacks, where someone steals the information being sent to a website, such as login details.
Configure your web server with HTTPS
Get a certificate - A certificate is simply a paragraph of letters and numbers that only your site knows, like a really long password. When people visit your site via HTTPS that password is checked, and if it matches, it automatically verifies that your website is who you say it is – and it encrypts everything flowing to and from. If you don't have a certificate yet, you can get a free certificate from https://letsencrypt.org
IIS server - To learn more see https://support.microsoft.com/en-us/help/324069/how-to-set-up-an-https-service-in-iis
Apache server - To learn more see https://httpd.apache.org/docs/2.4/ssl/ssl_howto.html
Correctly configure web security headers
HTTP response headers are name-value pairs of strings sent back from a server with the content you requested. They are typically used to transfer technical information like how a browser should cache content, what type of content it is, the software running on the server and much, much more. Increasingly, HTTP response headers have been used to transmit security policies to the browser. By passing security policies back to the client in this fashion, hosts can ensure a much safer browsing experience for their visitors and also reduce the risk for everyone involved. Let's take a look at some more security-based headers.
To learn more see https://www.globaldots.com/8-http-security-headers-best-practices
Hardening your HTTP response headers
The first step in hardening your HTTP response headers is looking at the additional headers you can utilise to make your site more secure. Outlined below, these headers give the browser more information about how you want it to behave with regard to your site. They can be used to deliver security policies, set configuration options and disable features of the browser you don't want enabled for your site. Once you have set up each header, check it using SecurityHeaders.io.
The following are headers you can utilise to make your site more secure.
Content Security Policy
HTTP Strict Transport Security
HTTP Public Key Pinning
To learn more see https://scotthelme.co.uk/hardening-your-http-response-headers
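A local check of the headers listed above, as an added example that is not part of the original article: it parses the header block of a raw HTTP response and reports missing or weak values. The function names, the six-month HSTS threshold and the two sample responses are assumptions made for this example.

```python
import re

# Assumption: six months is used as the minimum HSTS lifetime for this example.
MIN_HSTS_MAX_AGE = 15768000

def parse_headers(raw_response):
    """Return {lowercased-name: value} from the header block of a raw HTTP response."""
    head = raw_response.split("\r\n\r\n", 1)[0]
    headers = {}
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers

def audit_headers(raw_response):
    """Return a list of findings for the headers named in the article."""
    h = parse_headers(raw_response)
    findings = []
    csp = h.get("content-security-policy")
    if csp is None:
        findings.append("missing Content-Security-Policy")
    elif "'unsafe-inline'" in csp:
        findings.append("CSP allows 'unsafe-inline'")
    hsts = h.get("strict-transport-security")
    if hsts is None:
        findings.append("missing Strict-Transport-Security")
    else:
        m = re.search(r"max-age\s*=\s*\"?(\d+)", hsts, re.I)
        if m is None:
            findings.append("HSTS has no max-age")
        elif int(m.group(1)) < MIN_HSTS_MAX_AGE:
            findings.append("HSTS max-age below %d seconds" % MIN_HSTS_MAX_AGE)
    # Public-Key-Pins is only reported: current browsers no longer enforce it.
    if "public-key-pins" in h:
        findings.append("info: Public-Key-Pins present")
    return findings

# Constructed sample responses (not captured from a real site).
WEAK = ("HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
        "strict-transport-security: max-age=3600\r\n"
        "Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline'\r\n\r\n<html>")
GOOD = ("HTTP/1.1 200 OK\r\n"
        "Strict-Transport-Security: max-age=31536000; includeSubDomains\r\n"
        "Content-Security-Policy: default-src 'self'\r\n\r\n<html>")

if __name__ == "__main__":
    for name, resp in (("weak", WEAK), ("good", GOOD)):
        print(name, audit_headers(resp) or "no findings")
```

Header names are matched case-insensitively, so a server that sends them in lower case is audited the same way.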
Use strong and complex passwords
Consider a "pass phrase" rather than simply a password. Such a phrase should be relatively long, perhaps 20 characters or so, and consist of seemingly random words strung together along with numbers, symbols and upper and lower case letters. Think of something that you can remember but others couldn’t guess.
Make the password at least 12 characters long. The longer the better. Longer passwords are harder for thieves to crack. Include numbers, capital letters and symbols. Consider using a $ instead of an S or a 1 instead of an L, or including an & or %. Don’t use dictionary words. If it’s in the dictionary, there is a chance someone will guess it. There’s even software that criminals use that can guess words used in dictionaries.
Keep your server up to date
Install the latest service packs and security patches. Microsoft Update is the online extension of Windows that helps you keep your computer up-to-date. Microsoft Update includes updates from Windows Update and from Office Update, in addition to updates for other Microsoft products and for third-party device drivers. Use Microsoft Update to install updates for your computer’s operating system, software, and hardware.
To learn more see https://support.microsoft.com/en-us/help/311047/how-to-keep-your-windows-computer-up-to-date
Improve website performance
To learn more see https://scotthelme.co.uk/performance-cheat-sheet
Once done, check your web security status on this website