2. Are you a tech startup founder? Or perhaps you are interested
in learning some of the basics of cybersecurity?
I've talked to a couple of startup founders during the last few
months, and cybersecurity is one of the things that keeps them
awake at night. If tech giants like Facebook can be hacked,
then how can a small startup company with a limited budget
protect itself from such threats?
3. Insider threat remains a top security issue. You have
employees, former employees, and third-party contractors in
this equation. Record all login attempts. Transactions and
employee activities must always be logged (audit logs) and
should never be deleted (in other words, there should be no
delete function). Limit the number of people who have complete
access to the app and your back-end system.
4. Physical security is also an important part of cybersecurity.
Only authorized personnel should be able to access sensitive
areas in your office (e.g., data center, area where the
developers work, executive offices). Investing in biometric
access and CCTV cameras is highly recommended.
5. Secure your code. Make sure you fix bugs and vulnerabilities.
Unfixed bugs are the starting point for most hackers.
6. Encrypt all credentials and data. App data must be accessed
only by a limited number of personnel (role-based access) and
creating a secured gateway will mitigate the risk. Review
regularly who has access to the data within your team.
7. An important component in security is user authentication.
User authentication and authorization must cover user privacy,
identity management, session management, and device
security features.
8. A regular review of the different APIs that the company uses
should be done religiously.
9. There are tamper-detection technologies that can set off alerts
when someone tries to tamper with the code or inject malicious
code.
10. Use the latest OS platform and development framework to help
in mitigating security risks.
11. Use the best cryptography tools and techniques. Everything
must be encrypted while in transit and at rest. Put your keys in
secure containers and do not store them locally on the device.
It is suggested that you use 256-bit AES encryption with
SHA-256 for hashing.
12. Test, Test, and Test. The work involving cybersecurity is a 24/7
job. There will always be new threats and it is important that
the company neutralizes these threats immediately.
13. Lastly, if you find a security issue, update your app
immediately.
14. Disclaimer
The things I shared are not a comprehensive
checklist for cybersecurity. As you move forward
in building your company, you should seek to
get a cybersecurity professional to help you
secure your mobile app.
Technology changes fast, so please take
note that what may be true today may not
necessarily work tomorrow. Keep yourself
informed and updated.
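Items 3 and 11 above, as an added example that is not part of the original slides: an audit log with no delete function, where each entry carries the SHA-256 hash of the previous one so that an edited or removed record is detectable. The class, field names and sample events are assumptions made for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64  # constructed start value for the chain (assumption)


def _digest(record):
    # SHA-256 over every field except the stored hash itself
    body = {k: v for k, v in record.items() if k != "hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


class AuditLog:
    """Append-only log: it offers append and read, and no update or delete."""

    def __init__(self):
        self._entries = []

    def append(self, actor, action, outcome):
        prev = self._entries[-1]["hash"] if self._entries else GENESIS
        record = {"seq": len(self._entries), "actor": actor,
                  "action": action, "outcome": outcome, "prev": prev}
        record["hash"] = _digest(record)
        self._entries.append(record)
        return record["hash"]  # head hash; keep a copy outside the log store

    def entries(self):
        return [dict(e) for e in self._entries]  # copies, not the stored records


def verify(entries, expected_head=None):
    """Return -1 if the chain is intact, else the index where it first breaks."""
    prev = GENESIS
    for i, e in enumerate(entries):
        if e.get("seq") != i or e.get("prev") != prev or e.get("hash") != _digest(e):
            return i
        prev = e["hash"]
    if expected_head is not None and prev != expected_head:
        return len(entries)  # newest entries removed, or whole chain rebuilt
    return -1


def sample_log():
    # Constructed sample events: two login attempts and one data export
    log = AuditLog()
    log.append("alice", "login", "failure")
    log.append("alice", "login", "success")
    head = log.append("bob", "export_customers", "success")
    return log, head
```

Removing the newest entries, or rebuilding the whole chain, is only detected when the head hash is compared against a copy kept somewhere the log's administrators cannot write.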