Your Customer's Data is More Important than Your Company

Discover why customer data security surpasses company value. Learn essential tips for encryption, safeguarding against login attacks, and adopting proactive security measures to protect your business and customer trust. Click to enhance your data protection strategy.

If your customer's data is compromised, you might as well kiss your company goodbye.  Or you know, if you're the Equifax CEO, sell $2M worth of shares before disclosing the data breach.

stock_downfall

I'll touch on 2 major vulnerabilities you can address when building your web app / website.  I'm certainly no expert in security, but I spent a few years doing backend development for a cloud security startup called Mojave Networks that was later acquired by a Gartner leading security company, Sophos.

Encryption

encrypt.png

Encrypting is "the process of converting information or data into a code, especially to prevent unauthorized access."Let's start by talking about encryption in transit.  This is the most common use of encryption and essentially means data is encrypted before being sent over the wire in case someone is sniffing the wire or intercepting packets.  Most websites nowadays support HTTPS over port 443, vs HTTP over port 80.  The 'S' stands for secure because your web client/browser and the server will negotiate an encryption algorithm and obfuscate all data before sending it.  It looks something like this in the browser:

Screen Shot 2017-09-08 at 7.51.34 PM.png

Assuming you can trust the host, by validating the top-level certificate authority for the certificate being presented by the server, you can rest knowing your data is going to the correct person and is encrypted.  A relatively uncommon attack is a man-in-the-middle attack (MITM) where a malicious server gets in between a client and the destination and acts as the destination to intercept the data.  This is a topic for another day.When should you encrypt?Anytime data is sent over the wire - even on internal networks.  As more and more companies are moving their architecture to shared racks they are also inevitably introducing additional vulnerabilities, unless they take proper precautions of course.On shared networks it's possible that an attacker is living on the same internal network as you.  By shared networks I mean servers running on shared racks such as AWS, Digital Ocean, Azure, etc..How Should you EncryptEncrypt on the frontend by using a globally trusted certificate authority (CA) to sign a certificate with a common name (CN) that matches your domain.You should force users to use the HTTPS version of your site by redirecting from HTTP.  Allowing unencrypted traffic is a big "no no" and can lead to credentials being intercepted if you have login forms.  Example:

Screen Shot 2017-09-08 at 8.13.49 PM.png

Encrypt on the backend using mutual auth.  This means the data is encrypted in transit, but equally as important, it means the servers know who they are talking to since each server contains a keystore and a truststore, thus preventing a MITM attack that is relaying/altering data.What Should you EncryptUnless you have major constraints that don't allow you to easily encrypt data, it's generally good practice to encrypt all data in transit.  You should also get in the habit of encrypt touchy data at rest.  "At rest", meaning in storage, in case one of your servers were compromised.

Login Attacks

There are two types of login attacks you need to watch out for.

  1. Credentials from other sites.  Occasionally other sites will get hacked, and said hackers will then use the credentials to try and log in to your site.  Typically they will try hundreds or thousands of credentials in succession using a botnet.  So, look out for any unusual traffic, and secure your log in form by using a reCAPTCHA form for unrecognized IP addresses.
  2. Brute Force.  Sometimes hackers will just attempt every possible combination, hoping one will work on your site.  Block their traffic by limiting the number of attempts, using reCAPTCHA, or rate-limiting requests at the network level using IPTables or something equivalent.

Don't be the Easiest Target

target.png

I recently sat in on a tech talk by the CEO of Shape Security and he provided a great tip for security in the form of an analogy.  If a bear attacks, you don't need to be the fastest, you just need to be faster than your friend.  Security is a game of cat and mouse.  As developers put more defenses in place, hackers find new ways to poke holes in systems.  By taking these simple steps, you can better hedge yourself against potential hacks.Subscribe to the blog to get more articles like this.Graphics compliments of Freepik

SMM Tips

7 Reel Templates for B2B Marketers

Discover how businesses are finding success with Instagram Reels with the 7 ideas in this article written to help B2B marketers use social media to generate awareness and engagement for their brands.

Read more
March 22, 2023
SMM Tips

How To Use Content Pillars in your Social Strategy

Learn how to leverage content pillars to enhance your social media strategy. Discover the benefits of creating content pillars and how they can help you streamline your social media content creation.

Read more
March 17, 2023
AI Tips

5 Essential AI Prompting Tips for Social Media Marketing Managers in 2023

Get ahead of the game with these five essential AI prompting tips for social media marketing managers in 2023. Discover how AI can streamline your social media management and save time while increasing engagement.

Read more
March 2, 2023
Agency Tips

Cloud Certification vs. “Onboarding” - What’s the difference & how can it help scale your agency?

Explore the difference between Cloud Certification and onboarding and discover how they can help scale your agency. Learn how to effectively onboard and certify your team to streamline your workflow and enhance your client's experience.

Read more
March 15, 2023
SMM Tips

How Social News can Connect You to Your Audience in Innovative Ways

Discover how social news can connect you to your audience in new and innovative ways. Learn how to create engaging content that sparks conversations and builds relationships with your followers. Discover expert tips and tricks for maximizing your social media impact.

Read more
March 7, 2023
SMM Tips

How to Create an Effective Meme Marketing Strategy

Learn how to create a successful meme marketing strategy and increase engagement with your target audience. Discover tips and tricks from experts in the field and take your social media game to the next level.

Read more
January 9, 2023