In an age where technology is all around us and IT companies are flourishing in the APAC region, everything is going online by default and there is exponentially more data available on the internet every year it is more important than ever to ensure businesses keep their data private and have the right security measures in place. As Founder of Bitspark, a Bitcoin fintech company, nothing keeps me up at night more than security and its something that is a constantly evolving field. Below I share some of the top 5 ways we use to keep your data safe, save money and make any organization’s life a bit easier in the process.
1. Use Open Source where available. Open Source software means the code is freely open for anyone to view, copy and make their own anywhere in the world. When code is auditable anywhere in the world, especially for larger projects it means a different set of eyes are vetting it, for free and security issues and fixes can be found and patched quickly leveraging the crowd. A good example of this is the Firefox web browser which is faster and scores higher in security tests than incumbents like Internet explorer. Indeed, most day to day office tasks you’ll generally find there is an open source alternative (like OpenOffice or LibreOffice) have a look around, you may be surprised.
2. Encrypt sensitive information. If your business holds sensitive customer information like usernames, passwords, names, addresses, billing details, credit card numbers, confidential documents etc it should be encrypted by default. Encryption is the transformation of data into a form thats not readable by anyone else without the proper key or password and is fundamental to IT security. Important data (documents, spreadsheets, customer information, website forms) can be encrypted with various local storage devices (Hard drives, USB’s), open source software (like AEScrypt) and cloud services like Mega. Encryption enforces privacy, is easy (and free) to do and provides your customers and employees reassurance their data is safe from prying eyes. Even in the event your data is exposed it is unintelligible and useless without the proper key.
3. Crowdsourced auditing. Sites like Crowdcurity and Bugcrowd are innovative new examples of leveraging the crowd for high quality, cheap and fast auditing of your website or application. Bounties are paid to security researchers from around the world who compete to find holes in your service which ensures you pay for actual results not time spent and it’s active 24/7. This is a much more effective way of ensuring a high quality product than paying a contractor not for results but hours spent and in the past, that contractor would only deal with the code presented to them on the day, next week when a new feature may be introduced a new unforeseen vulnerability may be exposed rendering prior auditing redundant. Thousands of brains on the task are better than just 1.
4. Use a VPN to connect to the net. When connecting to any public WIFI while travelling, in public places or other business locations the connection itself could be insecure with your passwords and data vulnerable to snooping and collection by an entity monitoring the network you are connected to. VPNs (Virtual Private Network) ensure you connect directly to another secure server which then connects you to the outside web with all good VPN providers ensuring your data is encrypted all the way, they are cheap (or free) and easy to setup even for the nontechnical. A VPN ensures if anyone was snooping on your connection all they’d see is garbled data that is unintelligible ensuring you stay safe when connecting outside your own network.
5. Authentication can be easy. By authentication we usually mean a username, password maybe a captcha or a physical number generator banks like to give you. Frankly all of us would agree our lives would be better if we had less usernames and passwords to remember. Many people use the same username or password for multiple applications which is a security risk and some organisations force people to change the password frequently or require ever more complex combinations which most people are too busy to make a new unique password every few days and instead just increment the existing password by a number to keep it easy to remember. I stumbled upon Clef and have been very impressed. Clef uses secure public / private key cryptography and enables users to securely login to any supporting website by pointing their smartphones camera at a picture on the screen (the awesome ‘Clef wave’). No username, password, physical key required and no private details being transmitted over the web.
The above mentioned tools and methods we’ve found to be of assistance to us and when applied effectively, we can all help make the web a safer place!
