No one needs to be an expert in security to know that there are a few thing's that stand out as being the leading causes of security access mistakes and issues over the past few years. Hacks, DDoS, cracks and the like have become common language, which means they're everywhere. There are many area's of concern, knowing where your most likely to be vulnerable could really help you stay ahead of the bad guys, so here's some pointer's to look at to help you think "Safety" before we start working together.
Directory Traversal attacks aren't in everyone's checklist, but they are one of the most usual type of attack's that you'll see. All that's needed is a browser and patience - the attack itself doesn't make the software do anything wrong, it simply allows a 'user' to get to are'as for your site they shouldn't be able to access. Once our 'user' can access other area's that shouldn't be available, they can ask software to do things you don't want it to do, like give them lists of user's access etc..
SQL Injection attacks haven't usually been regarded as a major issue, until it happens to you of course. The real problem with that thought is that 3 or 5 years ago the threat level was represented by "there's not that many" SQL database's for it to harm. Today, with WordPress alone having over 30% of all sites on the Internet with 95% of them running SQL or MySQL database's the level of frequency of occurrence is dramatically increasing. The attack itself is as it sounds - attempts are made to access your database tables themselves, or to inject malicious code to them.
Security misconfigurations lead to more problems than anything else - period. This isn't rocket science, it's simply making sure you set all area's up correctly, that you keep them updated and that you make sure your supplier's keep their instruments that up to date. Thing's like making sure your website SSL certificate is set properly for your site domain, not the first domain named on your shared VPS (which we have seen happen, multiple occasion's) will help stop that.
Of course, the single best way is to have Cyberus Technologies review your situation, and we'll recommend accordingly.