IT security has recently gotten a lot of attention in the mainstream press, especially with Facebook CEO Mark Zuckerberg testifying in court last month to answer questions about how the company protects its users’ data. However, Facebook isn’t the first to see data privacy compromised. Retail giant Target paid $18.5 million to settle claims by 47 states and the District of Columbia that resolved a multi-state investigation into a massive data breach in late 2013. That same year, three South Korean television stations and a bank suffered from frozen computer terminals in a suspected act of cyber warfare. In March of this year, city officials in Atlanta dealt with “a cyberattack that is holding internal systems hostage using ransomware… a written communication from the hackers warned that they had frozen the city’s computer systems.” Furthermore, if you have a credit report, there’s a good chance that you’re one of the 143 million American consumers whose sensitive personal information was exposed in a data breach at Equifax, one of the nation’s three major credit reporting agencies.
Right now, you are probably thinking to yourself, “so that is how and why my personal data got hacked.”
Security is important not only for the privacy of individuals’ personal data, but also for protection from malicious viruses that can take a business down for days, which equates to significant revenue loss.
When you build software platforms for your business, you have one thing in mind: building your revenue. However, it is just as important to build in the right security and to ask the right questions to ensure that your clients’ data and the company’s data are safe from hackers.
As a software engineering company, we believe we need to build privacy and data security into all new and existing software applications. Let’s consider some best practice steps developers and managers can take to ensure proper security is built into any and all of your platforms and applications.
- Make an inventory checklist of types of data – Businesses should always keep an inventory checklist that answers these questions:
  - What kind of data do you have in your business? All businesses have various types of data, and some data is more valuable than others, but regardless, all data needs to be protected. For example, financial information, personal data and records, and transaction history are all very sensitive information, and having a list of the types of data a business has will help engineers understand how sensitive that data is and how it needs to be secured.
  - How is that data currently handled and protected? It’s important to understand what current policies and software exist at a business and to understand any weak areas where a breach could occur.
  - Who has access to that data, under what circumstances, and what procedures have been put in place to ensure that data remains private?
- Create layers of security – Protecting data, like any other security challenge, is about creating layers of protection. The idea of layering security is simple: You cannot and should not rely on just one security mechanism – such as a password – to protect something sensitive. If that security mechanism fails, you have nothing left to protect you.
- Plan for data loss and theft – Hackers have become quite sophisticated as technology becomes more sophisticated. A security breach plan and backup should always be created in case of a breach. This will ensure a rapid and coordinated response to any loss or theft of data.
- Automate security testing – Build automated testing into your software builds. Test, Test, Test!
- Understand the different types of encryption code – You want your data safe, period. It is important to understand what type of encryption is built into your platforms and applications. Today, most platforms/applications are built with pseudo-random salt/entropy, and even worse, they rely on hard-coded values for security. This makes it easier for hackers to figure out how to hack into your system. More secure encryption code embeds TRUE RANDOM seed data used as a salt to encrypt data. We believe this is a MUST have.
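The difference between a hard-coded salt and a random per-record salt, as an added example that is not code from this article: it assumes PBKDF2-HMAC-SHA256 from Python's standard library as the derivation function and the operating system's random source (`os.urandom`) for the salt. The salt value, iteration count, user names and passwords are constructed for the illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000                 # assumption: work factor picked for this example
HARDCODED_SALT = b"app-salt-2018"    # constructed: the weak salt that ships with the code
SAMPLE_USERS = {"alice": "Winter2018!", "bob": "Winter2018!", "carol": "correct horse"}  # constructed

def derive(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def hash_fixed_salt(password: str) -> bytes:
    """Weak form: every record shares one salt known to anyone with the code."""
    return derive(password, HARDCODED_SALT)

def hash_random_salt(password: str) -> tuple[bytes, bytes]:
    """Hardened form: fresh 16-byte salt per record, stored next to the hash."""
    salt = os.urandom(16)
    return salt, derive(password, salt)

def verify(password: str, salt: bytes, expected: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(derive(password, salt), expected)

def shared_hash_groups(records: dict[str, bytes]) -> list[list[str]]:
    """Audit check: users whose stored hashes are byte-for-byte identical."""
    groups: dict[bytes, list[str]] = {}
    for user, digest in records.items():
        groups.setdefault(digest, []).append(user)
    return [sorted(users) for users in groups.values() if len(users) > 1]

def audit_demo() -> tuple[list[list[str]], list[list[str]]]:
    """Run the audit over both storage schemes for the sample users."""
    fixed = {u: hash_fixed_salt(p) for u, p in SAMPLE_USERS.items()}
    salted = {u: hash_random_salt(p)[1] for u, p in SAMPLE_USERS.items()}
    return shared_hash_groups(fixed), shared_hash_groups(salted)

if __name__ == "__main__":
    fixed_groups, random_groups = audit_demo()
    print("identical hashes with hard-coded salt:", fixed_groups)
    print("identical hashes with random salts:  ", random_groups)
```

With the hard-coded salt, two users who chose the same password end up with the same stored value, so one precomputed table covers the whole database; with per-record random salts the audit finds no matching hashes.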
If you have questions about how to build in more security into your systems, contact us today to speak to an expert engineer.