In addition to our regular server side security defenses, we must emphasize client (browser) security issues.
For we cannot certify that the client browser system is uncompromised; eg if there is a keystroke logger on the browser machine, clearly we cannot promise secured data transmission. As such, audience training is essential, for if we cannot alert our audience to the various existing threats then we cannot begin to provide them with a safer environment within the web site.
It is for these reason we recommend that our web audience have their security settings set to 'High', java and javascript disabled, and that they use no plugins.
Over the years, we have always upheld the importance of education of their widespread web audience, and maintained a calendar of ongoing exploits and future threats. We welcome the opportunity to share their experiences and practices with appropriate clients.