Your personal data is in the hands of hackers (most likely). You can be the most thoughtful person when it comes to identity protection, but it won’t help you.
In 2014, over 1,000,000,000 individuals had private data hacked (that’s a billion, for those counting). Sure, there were a lot more cases of direct identity theft from skimmers, negligence, and other reasons. However, that’s not where the vast majority of cases came from. The primary culprit? Corporate hacks.
If you own or run a business, it collects and stores sensitive data. No matter what you sell. VTech, the children’s tech toy maker, had the data of 4.8 million individuals (including the young ones who use their products) stolen.
It affects everyone who has put information into a hyperconnected world. All types of public entities (and private ones) are at risk. Fortune 100 companies, non-profits, and even government agencies (the FBI and U.S. prison system were both hacked in 2015) are all seemingly vulnerable targets.
All of this unfortunate news poses a question. Can you provide adequate security in a cloud data age where everything is somehow connected?
Let’s take a look.
Do the Benefits Outweigh the Consequences?
The cloud, Web 2.0, Internet of Things (IoT), Mobile Devices, Open Data. These are relatively new in the scope of history but have become crucial to the advancement of so many sectors (healthcare, technology, finance). With the amount of data that is being created, we need innovations like these to utilize, store, and deliver it all in a fast and economical way. In a sense, it was a necessity that brought out our hyper-connectivity in the first place.
Unfortunately, innovation and fast-moving advancements always produce “blind spots”. There have been none bigger than the threat to the very thing that is bringing about the renaissance of innovation (big and open data). It’s not hard to think that our progress is worth the risk, but are there ways to heighten the security surrounding your sensitive data?
Here are some best practices.
1. Determine Your Vulnerabilities
The market loves functionality. A refrigerator that can make your shopping list, a SaaS that can track multiple elements of a specific industry, and an app that holds all of your financial information in one intuitive interface are the types of things people love to see out of their tech.
In terms of cybersecurity, though, the amount of functionality a product has often correlates directly with the number of vulnerabilities. Finding the potential entry points for hackers will go a long way in your process of setting up security.
Sobering Thought: The weakness most often exploited by digital thieves is your employees.
2. Divide to Not Be Conquered
You should be storing your data in more than one place. There are multiple ways to separate data. Placing secure data in less accessible and vulnerable locations will decrease its chances of being swiped. The more locations and separations you can make, the less likely you are to have a large data loss.
Depending on your business model, the amount of sensitive data may be low enough to warrant storing it “in-house”. Having your financial records, personal information, and other eyes-only data stored on hardware that you have more direct control over can vastly reduce your vulnerability.
Key Takeaway: Segregating data by sensitivity and holding it in various places and levels of security will limit exposure in the event of a hack.
3. Think Legally
Data loss can happen to anyone and has even been considered the third great certainty in life (after death and taxes). All the security available today will help but doesn’t make your ship unsinkable. While no hack comes without cost, ensuring that you’re legally protected from any negligence is crucial.
Reining in the vulnerabilities that you can directly impact should be done through a detailed policy that covers any issues that could arise from anyone who has access to data. Even those who don’t directly access data should be under a policy for good measure (for example, factory workers who construct products using IoT).
A few of the most commonly exploited issues include:
One of the most common reasons for hacks, if not the most common, is employee passwords. Fortunately, it’s also the easiest to fix. You can choose how strict you need to be, but on the low end, you should require staff to change passwords at regular intervals and to use reasonably difficult passwords that include special characters.
On the more stringent end, requiring very difficult passwords, changed at random but frequent intervals, along with the use of third-party password aids would heighten security all the more.
Another common vulnerability is staff members’ lost devices. While human error is real, your policy should outline the repercussions enforced in the event of lost hardware. Termination could be a potential motivator upon repeat occurrences, and a certainty if the mishap results in data loss.
Bring Your Own Device
Allowing employees to use their own devices is a common practice among startups and tech companies. While it can promote creativity and productivity as far as development goes, it does create a large potential problem.
Clearly outlining and adapting your security procedures to your employees’ devices is critical to your protection in the event of a hack, and preventing one from occurring in the first place.
Sobering Thought: The most disastrous cyber attack ever created was called MyDoom and cost an estimated $38.5 billion.
4. Think of Your Customers (As a Potential Issue)
We could argue whether or not the customer is always right, but it’s certain that they aren’t always secure. Want some proof?
Only about 7% of people genuinely read the terms and conditions of any site they utilize.
Helping your customers understand the importance of security, and the vulnerability that the entire planet shares, has to be a continuing focus for your organization. Sending them great sources of security content, sending out email reminders about changing passwords, and even piecing out policies to get a higher read rate (since they lied about reading them) are all great ways to help ensure everyone is as protected as possible.
5. Develop Smart
Finally, a tip that will help you immensely on the journey to being more secure on the hostile web is to develop your software in a way that limits “blind spots” and can implement changes quickly in the event of problems (security or otherwise). Using a development team that is both talented and organized is a great start.
Companies will often use outside developers to speed things up or utilize the expertise of external talent. While this practice can yield awesome results, it could mean on-boarding a freelancer to your already set security policies and practices.
Koombea has assembled a world-class team that understands the developing world as much as they do its threats. Our process is as secure as possible and can pivot quickly, making the changes you need to succeed and prevent issues in the future. Hiring an independent freelancer or small team can mean a less secure cloud development environment.
If you would like to learn more about how we develop securely and with incredible quality, get in touch with us today.