Safety Matters: Customer Data Protection
With 773 million unique email addresses and passwords revealed in January and another 763 million a mere month later, 2019 confirms that we’re living in increasingly worrisome times for data security. And while no currently known solution guarantees 100% security online, there are methods that can help business owners strengthen their data protection measures. Today, we’ll talk about the software side of security.
Secure Coding
Customer data protection starts from the first lines of the application’s code. Secure coding is a method of software development that puts special focus on eliminating security vulnerabilities from the codebase.
Bugs, defects, and logic flaws are the most commonly exploited vulnerabilities, and they can be avoided during the development stages if all team members approach secure coding with due diligence. Every software project should have a roadmap and secure coding guidelines that developers abide by when writing the code.
Not following the principles of secure coding can have dreadful consequences. The validation.io data breach mentioned above was the result of an unprotected MongoDB database left on the company’s server—the database didn’t have a password. When hiring a software house, ask whether they have secure coding guidelines in place.
To protect the communication between a web server and a user’s browser, every organization should implement an SSL Certificate. The SSL Certificate is crucial to web security because it encrypts the data flowing in both directions. Information such as a credit card number, password, or address that a customer enters on a website is therefore unreadable to anyone who intercepts the transmission.
The URL of websites protected by the SSL Certificate begins with “HTTPS.” Modern browsers and a majority of search engines mark websites without a certificate as not secure, preventing access to them and listing them lower in search results.
This seems obvious, but customers are notorious for either reusing their passwords across multiple accounts or using easy and common combinations, which gives hackers an easy entry.
During registration on your website, clearly state the requirements for passwords, putting a strong emphasis on their length and complexity. Long passwords, preferably even sentence-long ones, make a difficult case for password-cracking algorithms. A mix of numerals, symbols, and letters is also recommended.
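As an added example (not code from the article), the snippet below enforces the kind of registration password policy the paragraph describes: a minimum length, a waiver of the character-class rule for long passphrases, a rejection list of common passwords, and a check for long runs of one repeated character. The numeric limits and the tiny blocklist are assumptions chosen for the example; a real deployment would use a large breach-derived list. The requirement text shown to the user is generated from the same constants that the checker enforces, so the two cannot drift apart.

```python
import re
import unicodedata

# Assumed policy values for this example (the article gives no specific numbers).
MIN_LENGTH = 12          # minimum for any password
PASSPHRASE_LENGTH = 20   # at or above this length the character-class rule is waived
MAX_LENGTH = 128         # bounds the input handed to the password hash

# Constructed, deliberately tiny stand-in for a real list of common or
# previously breached passwords; a production check would load a large list.
COMMON_PASSWORDS = {
    "password", "password1", "123456", "12345678", "qwerty", "letmein",
    "welcome", "admin", "iloveyou", "monkey", "dragon", "football",
}


def policy_text() -> list[str]:
    """Human-readable requirements derived from the constants the checker enforces,
    so the text on the registration form cannot drift from the enforced rules."""
    return [
        f"At least {MIN_LENGTH} characters; a passphrase of {PASSPHRASE_LENGTH} or more "
        "characters (several words) is strongly recommended.",
        f"Passwords shorter than {PASSPHRASE_LENGTH} characters must mix at least three of: "
        "lowercase letters, uppercase letters, digits, symbols.",
        "Commonly used passwords and long runs of one repeated character are rejected.",
    ]


def _character_classes(pw: str) -> int:
    """Count how many of the four character classes appear in the password."""
    patterns = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")
    return sum(1 for p in patterns if re.search(p, pw))


def check_password(password: str) -> list[str]:
    """Return the list of policy violations; an empty list means the password is acceptable."""
    # NFKC normalisation so visually identical Unicode inputs are judged alike
    pw = unicodedata.normalize("NFKC", password)
    problems: list[str] = []

    if len(pw) < MIN_LENGTH:
        problems.append(f"must be at least {MIN_LENGTH} characters (got {len(pw)})")
    if len(pw) > MAX_LENGTH:
        problems.append(f"must be at most {MAX_LENGTH} characters")
    if pw.lower() in COMMON_PASSWORDS:
        problems.append("is on the list of commonly used passwords")
    # Long passphrases are accepted on length alone; shorter passwords must mix classes.
    if len(pw) < PASSPHRASE_LENGTH and _character_classes(pw) < 3:
        problems.append("must mix at least three of: lowercase, uppercase, digits, symbols")
    # Four or more of the same character in a row (e.g. "1111") adds no real strength.
    if re.search(r"(.)\1{3,}", pw):
        problems.append("must not repeat the same character four or more times in a row")
    return problems


if __name__ == "__main__":
    for line in policy_text():
        print("-", line)
    for candidate in ("password1", "Tr0ub4dor&3", "correct horse battery staple"):
        verdict = check_password(candidate) or ["accepted"]
        print(f"{candidate!r}: {'; '.join(verdict)}")
```

Returning the full list of violations, rather than stopping at the first, lets the registration form tell the user everything that needs changing in one round trip.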
While a strong password is a prerequisite, it’s often not enough to keep unauthorized individuals from gaining access to an account. Multi-factor authentication adds another layer of protection for customers during the verification of their identity. By validating user identity with at least a two-step authentication method, you decrease the risk of an account breach through compromised credentials.
Examples of multi-factor authentication:
- Password + one-time token sent to the user
- Password + fingerprint recognition
- Password + security question
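The first item in the list, a password followed by a one-time token sent to the user, needs a server-side record of which token was issued to whom. The class below is an added example (not code from the article) of that record: it stores only a keyed hash of the code, expires the code after a fixed window, caps the number of guesses, compares in constant time, and invalidates the code after one successful use. The code length, lifetime and attempt limit are assumed values; delivery of the code (SMS, e-mail, authenticator app) is outside the snippet, and the clock is passed in so the behaviour can be reproduced offline.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

# Assumed policy values for the example; the article does not specify any.
CODE_DIGITS = 6
CODE_TTL_SECONDS = 300
MAX_ATTEMPTS = 5


@dataclass
class _PendingCode:
    digest: bytes       # keyed hash of the code, never the code itself
    expires_at: float   # absolute time after which the code is dead
    attempts: int = 0   # wrong guesses so far


class OneTimeCodeStore:
    """Server-side bookkeeping for one-time codes used as a second factor."""

    def __init__(self, server_key: bytes):
        self._key = server_key
        self._pending: dict[str, _PendingCode] = {}

    def _digest(self, user_id: str, code: str) -> bytes:
        # Binding the user id into the hash stops a code issued to one
        # account from verifying against another.
        msg = f"{user_id}:{code}".encode("utf-8")
        return hmac.new(self._key, msg, hashlib.sha256).digest()

    def issue(self, user_id: str, now: float) -> str:
        """Create a fresh code for user_id; any earlier pending code is replaced."""
        code = f"{secrets.randbelow(10 ** CODE_DIGITS):0{CODE_DIGITS}d}"
        self._pending[user_id] = _PendingCode(
            digest=self._digest(user_id, code),
            expires_at=now + CODE_TTL_SECONDS,
        )
        # The caller delivers this out of band; it must not be written to logs.
        return code

    def verify(self, user_id: str, code: str, now: float) -> bool:
        """Return True once for the right code inside its window; False otherwise."""
        pending = self._pending.get(user_id)
        if pending is None:
            return False
        if now > pending.expires_at:
            del self._pending[user_id]
            return False
        pending.attempts += 1
        if pending.attempts > MAX_ATTEMPTS:
            # Too many guesses: discard the code; the user must request a new one.
            del self._pending[user_id]
            return False
        ok = hmac.compare_digest(pending.digest, self._digest(user_id, code))
        if ok:
            del self._pending[user_id]   # single use: a replayed code fails
        return ok


if __name__ == "__main__":
    import time
    store = OneTimeCodeStore(secrets.token_bytes(32))
    issued = store.issue("alice", time.time())
    print("code issued (would be sent to the user):", issued)
    print("verify once:", store.verify("alice", issued, time.time()))
    print("replay:", store.verify("alice", issued, time.time()))
```

The password check runs first and the code is issued only after it passes; a second factor that can be requested without the first tells an attacker which accounts exist.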
The importance of securing web servers, app code, and communication channels can’t be overstated, but those measures alone too often prove insufficient to ensure a desirable level of security.
If the data itself isn’t properly secured, then once a hacker gets through all the other security measures, they can do whatever they want with the stolen sensitive data. To make that data less valuable to the hacker, dedicated technologies should be implemented. Their task is to encrypt, mask, or tokenize the data and thus make it worthless to anyone who steals it.
But before implementing data-centric security technologies, it’s important to analyse the data you hold: check what data you have, where exactly in the system it resides, and how sensitive the information it contains is.
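The following is an added example (not code from the article) of two of the techniques named above, tokenization and masking, applied according to a per-field data inventory of the kind the last paragraph calls for. Card numbers are swapped for random surrogate tokens that only the vault can reverse, e-mail addresses are masked, and any field missing from the inventory is rejected rather than stored unprotected. The field names, the sample record and the lookup key are constructed for the example; a production vault would persist its mapping in a separately protected store.

```python
import hashlib
import hmac
import re
import secrets


class TokenVault:
    """Replace a sensitive value with a random surrogate token.

    Only the vault can map a token back to its value, so a leaked copy of the
    main database contains tokens rather than card numbers.
    """

    def __init__(self, lookup_key: bytes):
        self._lookup_key = lookup_key
        self._by_token: dict[str, str] = {}
        self._by_fingerprint: dict[bytes, str] = {}

    def _fingerprint(self, value: str) -> bytes:
        # Keyed hash used only to find an existing token for the same value,
        # so the index never holds the plaintext.
        return hmac.new(self._lookup_key, value.encode("utf-8"), hashlib.sha256).digest()

    def tokenize(self, value: str) -> str:
        """Return the token for value, creating one if the value is new."""
        fp = self._fingerprint(value)
        token = self._by_fingerprint.get(fp)
        if token is None:
            token = "tok_" + secrets.token_hex(12)  # random: carries nothing about the value
            self._by_fingerprint[fp] = token
            self._by_token[token] = value
        return token

    def detokenize(self, token: str) -> str:
        return self._by_token[token]


def mask_card_number(pan: str) -> str:
    """Keep only the last four digits, which is what receipts and support staff need."""
    digits = re.sub(r"\D", "", pan)
    if not 12 <= len(digits) <= 19:
        raise ValueError("not a plausible card number length")
    return "*" * (len(digits) - 4) + digits[-4:]


def mask_email(address: str) -> str:
    """Keep the first character of the local part and the full domain."""
    local, sep, domain = address.partition("@")
    if not sep or not local:
        raise ValueError("not an e-mail address")
    return local[0] + "***@" + domain


# Constructed field inventory: the result of the "what data, where, how sensitive"
# analysis, written down as an explicit treatment for every stored field.
FIELD_POLICY = {
    "name": "keep",
    "address": "keep",
    "email": "mask_email",
    "card_number": "tokenize",
}


def protect_record(record: dict[str, str], vault: TokenVault) -> dict[str, str]:
    """Apply FIELD_POLICY before a customer record is stored.

    A field with no classification raises instead of being stored as-is, so a
    new column cannot silently bypass the inventory.
    """
    protected: dict[str, str] = {}
    for field, value in record.items():
        action = FIELD_POLICY.get(field)
        if action is None:
            raise ValueError(f"field {field!r} has no classification; refusing to store it")
        if action == "keep":
            protected[field] = value
        elif action == "mask_email":
            protected[field] = mask_email(value)
        elif action == "tokenize":
            protected[field] = vault.tokenize(value)
    return protected


def card_for_display(protected_record: dict[str, str], vault: TokenVault) -> str:
    """Resolve the stored token only inside the vault boundary and show a masked PAN."""
    return mask_card_number(vault.detokenize(protected_record["card_number"]))


if __name__ == "__main__":
    vault = TokenVault(secrets.token_bytes(32))
    # Constructed sample customer record
    stored = protect_record({"name": "Alice", "address": "1 Main St",
                             "email": "alice@example.com",
                             "card_number": "4111 1111 1111 1111"}, vault)
    print(stored)
    print("receipt shows:", card_for_display(stored, vault))
```

Because equal values map to the same token, the application can still group or join on the tokenized column without ever seeing the card number; the keyed fingerprint that makes this possible lives only in the vault.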
Software Security Patches
One of the fundamental, and unfortunately often overlooked, measures to improve data security is regularly checking for software, plugin, and add-on updates.
Updates contain critical patches to security vulnerabilities. When not addressed in a timely manner, vulnerabilities in outdated software versions may serve as a back-door entry to the system.
When looking for plugins and add-ons available on, for example, WordPress, double-check their origin and reviews to eliminate the risk of installing malicious software. If a whole system becomes outdated, a migration to a new technology might be necessary to maintain a high level of security.
Help Keep Your Company Safe
By closely following data protection guidelines, organizations can keep the risk of a data leak to a minimum. Regulatory investigations, reputational damage, and costly litigation are just three of the many shattering consequences a data breach entails.
The security measures in this article are only the tip of the iceberg of what every organization has to do in order to ensure the maximum possible security level for customer data. We’ve focused on the software part of data security, but to decrease the likelihood of a data breach, it’s imperative to approach the matter holistically—from the first lines of code, through the usage of the application, to a post-breach preparedness plan in case a breach does occur.