Is your software secure? This is a question every business needs to answer well.
Security isn’t just a concern for companies required to ensure HIPAA compliance for patient health information, or for companies selling online that need to provide PCI compliance for all transactions. Every company with an online presence needs to treat security as a business necessity, because a security breach can devastate your bottom line.
Security is a wide-ranging concern. Companies often focus on securing their network and hosting, but it’s just as important to make sure software is built with security in mind.
At Worthwhile, we focus on providing a ‘no regrets’ experience — and we know that security problems can lead to major regrets for your company and your customers.
These tips on software and network security include things you can do right now, and things a software partner like Worthwhile can help you do.
What You Can Do
One User, One Login
One key security practice that your company should implement now is ensuring that every user has his or her own login for each piece of software your company uses.
When users share logins (such as a company-wide account for a certain product), you have no visibility into who’s doing what in the system, and when they’re doing it. So if a breach happens, you’ll have a more difficult time determining the source of the problem.
If users are sharing a login because of seat-license costs, you may want to investigate a custom integration solution.
Regular Software Updates
Most software programs offer regular security updates meant to protect your company from exploitable flaws. You need to be diligent about these free updates to keep your software’s defenses up to date.
Password Rotation and Strength
It’s annoying for users to have to change passwords regularly, but it’s a low-cost way to improve the security of your systems. Changes once per quarter will help.
Getting users to set strong passwords—using capitalization, numbers, and symbols—also helps. Whether your software enforces these rules or not, it’s a best practice you should adopt.
What a Software Partner Can Help You Do
Proper Security Certificates
SSL (Secure Sockets Layer) certificates ensure that you are providing a secure, encrypted connection to your website, e-commerce site, or online portal. This connection keeps third parties from eavesdropping, tampering with or forging data, or inserting themselves between you and your user in a man-in-the-middle attack. You can tell that an SSL certificate is in place because it's what allows a website address to begin with https instead of http. SSL certificates come at a cost, and the public and private keys that come with the certificate need to be implemented. Your company's software partner should plan for these security certificates when building your website or online portal. SSL certificates also have expiration dates, so you'll want to make sure your software partner keeps your certificates up to date throughout the life of your software or website.
Isolation of Services
It's vital to isolate your database, web server, and other services such as FTP and administrative applications on separate servers. When each service is isolated with security measures in place, it prevents exploits in one system from allowing access to another system. This is an added safeguard for customer data and other key information stored in your database.
Storing Tokens Instead of Data
The more data you store, the more you stand to lose in a data breach. So it's wise to take advantage of systems that let you store tokens instead of sensitive data. For example, instead of keeping credit card information in your system, you can integrate with a payment platform that stores it. Your system would hold only a token, which it presents to the payment platform to request payment when a customer makes a transaction. Your customer still has the same user experience when making a purchase, while you keep the customer's payment information more secure.
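The token flow described above, as an added sketch that is not Worthwhile's or any payment provider's code: `PaymentPlatform`, `MerchantStore` and their methods are hypothetical in-memory stand-ins, and the card number is a constructed test value.

```python
import secrets

class PaymentPlatform:
    """Stand-in for a third-party payment platform (hypothetical, in-memory)."""

    def __init__(self):
        self._vault = {}  # token -> card number; exists only on the platform side

    def tokenize(self, card_number):
        """Store the card and hand back an opaque, random token."""
        token = "tok_" + secrets.token_urlsafe(16)
        self._vault[token] = card_number
        return token

    def charge(self, token, amount_cents):
        """Charge the card behind a token; unknown tokens are refused."""
        card = self._vault.get(token)
        if card is None:
            return {"ok": False, "reason": "unknown token"}
        return {"ok": True, "amount_cents": amount_cents, "last4": card[-4:]}

class MerchantStore:
    """Your system: keeps a token and a display hint, never the card number."""

    def __init__(self, platform):
        self.platform = platform
        self.customers = {}  # customer_id -> {"token": ..., "last4": ...}

    def save_card(self, customer_id, card_number):
        # The number passes through this call once; it is never written to self.customers.
        token = self.platform.tokenize(card_number)
        self.customers[customer_id] = {"token": token, "last4": card_number[-4:]}

    def checkout(self, customer_id, amount_cents):
        record = self.customers[customer_id]
        return self.platform.charge(record["token"], amount_cents)

    def dump(self):
        """What a copy of the merchant database would reveal."""
        return repr(self.customers)

def demo():
    shop = MerchantStore(PaymentPlatform())
    test_card = "4111111111111111"  # constructed: standard test number, not a real card
    shop.save_card("cust-1", test_card)
    return test_card, shop.dump(), shop.checkout("cust-1", 2599)
```

A copy of the merchant records yields only the token and the last four digits, and the token is useless without the platform's vault behind it.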
Who’s watching your web server, your database, and your hosting setup to make sure it stays secure? New security threats and hacking techniques arise regularly, which means that what’s secure today may be vulnerable in the future. This is especially true of third-party plugins and addons. Adding these extras to your website or software can add functionality, but it also creates additional areas where your software can become vulnerable.
Having reliable software and hosting partners is a key way to keep your data secure. And if one partner can manage both your software and your hosting needs, ensuring an end-to-end security strategy, all the better.
Security isn’t an all-or-nothing proposition. Take the steps you can immediately, and find a software partner who can help you create a wide-ranging plan.
Your customers — and your bottom line — will thank you.