
Mobile App Security Insights

How to Steer Clear of a Cyber Attack

Apr 12, 2017 10:50:05 AM / by Sung Cho


A cyber attack can destroy your business, your reputation, your brand, and your bank account in the blink of an eye. One moment you’re soaring high, celebrating your successes. And the next, you’re the subject of bad publicity, angry customers, and seemingly endless data leaks.

An ounce of prevention is worth a pound of cure. Sure, you can hire a PR firm and work to reverse the damage of a cyber attack. But why would you do that, when you can take steps to prevent one in the first place? Here’s what you need to know to prevent a cyber attack.

Educate Your Customers

Cyber attacks don’t always require expert coding and genius criminal strategies. Simply manipulating the behavior of naive customers is all the typical hacker has to do. Phishing schemes, ploys to gain access to passwords, and other ruses can give an attacker unprecedented access.

You can’t prevent this entirely, but you can educate customers about how and when you’ll contact them seeking information. Put a signature line in all emails outlining, in simple language, your policies. Put a disclaimer on the login page, and notify customers in writing of known threats. If customers are repeatedly reminded not to give out their bank information or passwords via email, then they’re far less likely to do so -- even if they’re otherwise fairly unsavvy.

Be Careful With Your Employees

Many cyber attacks aren’t thanks to nefarious outsiders, but to angry employees. Treat your staff well, so they have less of an incentive to use the information you give them against your business. Even more importantly, choose your staff wisely. Ensure that:

  • They have strong backgrounds in information security best practices.
  • They have no previous criminal history, nor any history of misappropriating company data.
  • They are committed to cyber security.
  • They know how to write excellent code.

If you work with contractors, check their code and make them sign agreements clearly outlining your privacy and security policies. Give all staff only the access they need. Openness might feel good, but it opens the door to cyber attacks and thefts -- something no business wants to deal with.

Protect Your Servers

Savvy criminals don’t need to steal consumer passwords. They can attack your servers and gain access to a veritable cornucopia of information. Ensure data on your servers is encrypted, and that you routinely run security checks. Otherwise a server-side attack could devastate your business in just a few minutes.

Know About Emerging Security Threats

It’s easy to assert that you want a secure application. What’s harder is knowing what that means. Protecting against the threats of 10 years ago, or even of 10 minutes ago, won’t do you much good. You need security solutions that address current threats. That requires you to stay up to date on the latest emerging threats, or to hire a company that does.

Patch Security Holes -- And Mandate Updates

No company, and no code, can be perfect. As security threats change, so must your strategy to combat them. To avoid a cyber attack, you must patch holes and other security threats as quickly and comprehensively as possible. Have coders standing at the ready to devise patches, and pay them fairly for their efforts.

Then -- and this is critical -- make your customers install updates. Updates are useless if they go uninstalled, and most research suggests that app users despise waiting to install updates. That’s why you have to mandate installation by disabling some or all of the features of your app until the updates are installed. Customers may not like it, but they’ll like it a lot less if their data is stolen.
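One way to disable "some or all" features until an update is installed is to have the back end decide per feature, based on the app version each request reports. This is an added example, not code from the original post or from AppSolid; the feature names, version numbers, policy layout and the use of HTTP 426 as the "update required" signal are all assumptions.

```python
from typing import Dict, Optional, Set, Tuple

# Constructed policy: minimum app version allowed to use each feature.
# Raising a floor after a patch ships disables that feature on older builds.
MIN_VERSION: Dict[str, Tuple[int, ...]] = {
    "view_balance": (2, 3, 0),
    "transfer_funds": (2, 4, 1),  # hypothetical fix shipped in 2.4.1
    "edit_profile": (2, 0, 0),
}
# Builds below this floor get no features at all, only the update prompt.
HARD_FLOOR: Tuple[int, ...] = (2, 0, 0)


def parse_version(raw: str) -> Optional[Tuple[int, ...]]:
    """Parse 'MAJOR.MINOR.PATCH'; return None for anything malformed."""
    parts = raw.strip().split(".")
    if len(parts) != 3:
        return None
    if not all(p.isascii() and p.isdigit() and len(p) <= 6 for p in parts):
        return None
    return tuple(int(p) for p in parts)


def allowed_features(reported_version: str) -> Set[str]:
    """Features the server will serve to a client reporting this version."""
    version = parse_version(reported_version)
    # Fail closed: a missing or unparsable version is treated as outdated.
    if version is None or version < HARD_FLOOR:
        return set()
    return {name for name, floor in MIN_VERSION.items() if version >= floor}


def authorize(reported_version: str, feature: str) -> Tuple[int, str]:
    """Return (HTTP status, message) for a request to use one feature."""
    if feature not in MIN_VERSION:
        return 404, "unknown feature"
    if feature in allowed_features(reported_version):
        return 200, "ok"
    # Assumption: the app treats 426 as the cue to show its update prompt.
    return 426, "update required"
```

Because the version is reported by the client, this gate pushes ordinary users onto the patched build; it does not replace fixing the flaw on the server as well.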

Intelligently Manage Information

Every company wants more data on customers, but ask yourself whether you really need the information you seek. Then choose the most secure way to store it. Medical or credit card information should not be stored on the device, since that makes it more vulnerable in the event of a theft. Don’t ask for Social Security numbers or other information that’s not vital to your app, and be careful if you partner with third parties to sell or purchase information.

Give Consumers Control Over Their Data

Criminals don’t need a password or sophisticated hacking skills to access customer data. If you allow information to be stored on the device, or permit customers to save their passwords, stealing the physical device is all it takes. Combat this by giving consumers control over their data. Allow them to remotely wipe data if the device is stolen. Otherwise you’ll be left with few options to help a consumer who loses a smart phone.

Practice Intelligent Coding

Writing code by hand is a pain. That’s why most businesses hire contractors, or borrow code from coding sites or other apps. Criminals know this. That’s why they’re keen to insert malicious code into strings of seemingly well-written code. Be on the lookout for this practice. Test each line of code, and only hire people who will be judicious in their use of borrowed code. There’s no shame in borrowing code, of course, but if it’s not from a trusted source or you never test it, you could inadvertently write the cyber attack directly into your program.

Know What a Strong Password Looks Like

Passwords at every level -- on employee email accounts, consumer app accounts, servers, and at every other entryway -- are a powerful tool in the fight against cyber attacks. Unfortunately, people prefer the easy route. That means they choose weak passwords, then reuse them over and over. Companies also routinely implement outdated password rules, requiring letters, numbers, and bizarre combinations. The best password is one that’s easy to remember and hard to guess, even by a brute force attack. That means the best password is a long one.

Educate customers and employees about this fact, and require them to devise long passwords, then change them frequently. Doing so blocks the first entry port to your business, and can stall some of the most devastating and common cyber attacks.

AppSolid offers cloud-secured, industry-leading binary protection. We take the guesswork out of security, freeing you to run your business.


Written by Sung Cho

Head of Marketing at SEWORKS Co., Ltd.