3 Security Concerns You Should Be Worried About (and 3 That You Shouldn’t)
In today's technology-driven world, the more advances we make, the more security concerns there are to worry about. Innovation is key to continuing advancement, but it's crucial to remain on top of new technological security threats to ensure the safety of your organization's data and virtual property.
If you're building or implementing new software or a website redesign, there are several things you should consider as you create the platforms. As you develop your program, there are certain security risks you should watch for and discuss with your developer. On the other hand, some areas that may concern you shouldn't cause you any worry.
Does all this sound like another language to you? Don't worry. Below, we're going to break down in plain English 3 security matters you should be paying attention to, and 3 that you shouldn't lose any sleep over at night.
Insecure Cryptographic Storage
If your website collects donations from patrons, sells merchandise to customers, or takes online payment in any form, sensitive data security is an especially important factor. Protecting the payment information of your customers and patrons is a no-brainer, but sometimes new innovation leaves this security door open to risk. Measures that were sufficient just a few years ago may no longer be enough. Additionally, there are industry standards for security that you may need to meet in accordance with privacy laws, among other concerns.
Talk with your developer about ensuring that all private information entered on your site stays private and secure. If you're using a platform that hasn't been updated in a while and does not have an active webmaster keeping the software current, consider asking a development company for security consultation to make sure that your data is safe.
Broken Authentication and Session Management
Attackers often look for weaknesses in session management (how the system tracks the time spent and actions performed by a user) in order to hack into secure systems. If you provide your team with login credentials that are not especially unique and that can be easily guessed, you may be creating a security hole for your organisation.
Talk with your developer about creating session timeouts (a lock on protected data if the user has been idle for a certain length of time) and requiring password changes. These small implementations can greatly protect your private data. It's important to ensure that your login requests are being made over secure connections (HTTPS). Without secure connections, you may be creating a recipe for disaster.
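For the developer in that conversation, here is a sketch of the three controls just described: idle timeout, forced password change, and HTTPS-only login. It is an added example, not code from the original article; the class name, the 15-minute and 90-day limits, and the cookie name `sid` are assumptions chosen for illustration.

```python
import secrets
import time

IDLE_TIMEOUT = 15 * 60               # assumed: lock after 15 idle minutes
MAX_PASSWORD_AGE = 90 * 24 * 3600    # assumed: force a change after 90 days


class SessionStore:
    """In-memory session table keyed by an unguessable random token."""

    def __init__(self, clock=time.time):
        self._clock = clock          # injectable so the timeout can be tested
        self._sessions = {}          # token -> {"user": ..., "last_seen": ...}

    def login(self, user, scheme, password_set_at):
        """Open a session after the password itself has been verified elsewhere."""
        if scheme != "https":        # refuse credentials sent over plain HTTP
            raise PermissionError("login must use HTTPS")
        now = self._clock()
        if now - password_set_at > MAX_PASSWORD_AGE:
            raise PermissionError("password expired, change required")
        token = secrets.token_urlsafe(32)   # 256 bits from the OS CSPRNG
        self._sessions[token] = {"user": user, "last_seen": now}
        return token

    def check(self, token):
        """Return the user for a live session, or None if unknown or idle too long."""
        session = self._sessions.get(token)
        if session is None:
            return None
        now = self._clock()
        if now - session["last_seen"] > IDLE_TIMEOUT:
            del self._sessions[token]       # expired: destroy server-side state
            return None
        session["last_seen"] = now          # activity resets the idle timer
        return session["user"]

    def cookie_header(self, token):
        # Secure: sent over HTTPS only. HttpOnly: hidden from page scripts.
        return f"Set-Cookie: sid={token}; Secure; HttpOnly; SameSite=Lax; Path=/"
```

The timeout is enforced on the server, so a stolen or forgotten browser tab cannot keep a session alive by ignoring a client-side timer.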
Security vs. Innovation
In our high-tech world, we get excited about the newest, flashiest software systems and websites. "Cool" is too often prioritised over "safe". While innovation and a slick, professional design are important, security should be the first concern in implementing a new platform or website.
When you discuss your ideas with your developer, be sure to make clear that security takes priority over appearance. Rushing to get things done and thinking about security too late in the development process can create dangerous issues later down the line. Ensuring that your developers have the knowledge and experience to take security into account from the start will save a lot of time and effort, as well as reduce risk.
While there are several things to carefully consider, there are also a few things you shouldn't worry about.
Storing Information and Files in the Cloud
The cloud is a beautiful thing, but thanks to Edward Snowden and the "Snowden Effect", many companies are wary about what they store in the "cloud" and how safe their information is. While no system is completely safe from attack, security surrounding cloud storage services is becoming more and more advanced. The benefit of storing your information off-site usually compensates for the very small chance of that data being compromised by a third party.
As you utilize a cloud service for your socially-minded organisation, consider what information you are storing. Is it something that should be protected at all costs? Perhaps that information would be better safeguarded on-site.
Utilizing Your Software Over Several Technology Platforms
Our society is rapidly expanding how we use technology in our daily lives and businesses. If you're considering utilizing several platforms for your new software or web design, such as access from tablets or smartphones, you needn't worry.
As we continue to develop programs that translate seamlessly across multiple devices, there is little to no security concern. Attackers need a reason to attack, and it's not likely they will target mobile devices like tablets or personal phones. If there is not much gain in having control of the information on your mobile device, consider it safe.
Password Theft
Passwords are still the main way we protect our information. Though there are other ways to secure protected data, they are often expensive and inefficient. While passwords have become security concerns in the recent past, new advancements have created new ways to secure your services.
Talk to your developer about requiring password changes often or after certain intervals of time. Talk with your team about creating unique passwords that are difficult to guess. Security is a human consideration and not just a technical one. You need to make it easy for your users to have secure passwords and to understand their responsibilities to keep things secure, otherwise human nature will undo everything! Ensure your users are given all the help and training to ensure good security practices.
Consider two-step authentication, requiring users to choose images or answer questions that are unique to them. Full two-factor authentication requires something beyond questions and the like, e.g. a code sent via SMS. Make sure your developers follow the advice in this excellent article when building your application.
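The server side of "a code sent via SMS" can be sketched as follows: the code must be random, short-lived, single-use and limited in guesses. This is an added example, not code from the original article or the article it links to; the class name, the five-minute lifetime and the three-attempt limit are assumptions, and delivery of the code is left to the caller.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL = 5 * 60     # assumed: a code is valid for five minutes
MAX_ATTEMPTS = 3      # assumed: wrong guesses allowed before the code is void


class SecondStep:
    """Issues and checks single-use six-digit codes, one pending code per user."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._pending = {}   # user -> [code_digest, expires_at, attempts_left]

    @staticmethod
    def _digest(code):
        # Fixed-length digest so any submitted string can be compared safely.
        return hashlib.sha256(code.encode()).digest()

    def issue(self, user):
        """Create a code; the caller delivers it out of band (e.g. by SMS)."""
        code = f"{secrets.randbelow(10**6):06d}"   # CSPRNG, not random.random()
        self._pending[user] = [self._digest(code),
                               self._clock() + CODE_TTL, MAX_ATTEMPTS]
        return code

    def verify(self, user, submitted):
        entry = self._pending.get(user)
        if entry is None:
            return False
        digest, expires_at, attempts_left = entry
        if self._clock() > expires_at or attempts_left <= 0:
            del self._pending[user]      # expired codes are discarded
            return False
        entry[2] -= 1                    # every guess costs an attempt
        # Constant-time comparison avoids leaking how much of the code matched.
        if hmac.compare_digest(digest, self._digest(submitted)):
            del self._pending[user]      # single use: a code cannot be replayed
            return True
        if entry[2] == 0:
            del self._pending[user]      # out of guesses: a new code is required
        return False
```

Without the attempt limit, a six-digit code offers only a million possibilities and could be guessed by brute force well within its lifetime.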
If your team is using a large number of unique passwords, consider utilizing a password management system like LastPass. The password management system will store and remember all passwords for the user and can generate unique passwords that have no correlation to the user. This is a great alternative to remembering multiple passwords that are often changing.
There are certainly many concerns you should have when implementing new systems, but there are also things you should spend less time worrying over as you work to build your software and website. Talk with your developer about the areas you feel should be strengthened.
Still wondering if your new software or website is secure enough? Not sure where you should provide more protection? Contact us and let us help.