Focus on User Security and Data Privacy
Stories of data leaks and privacy breaches are fairly common these days, but they somehow catch us by surprise every time. That’s because users are outraged when a new leak happens. Overall, not much is being done to address cyber security, but at least one group is trying to change that.
Stay Safe Online, part of the National Cyber Security Alliance, designated January 28 as the official Data Privacy Day. Started in 2008 as an extension of Europe’s Data Protection Day, Data Privacy Day is intended to “empower people to protect their privacy and control their digital footprint and escalate the protection of privacy and data as everyone’s priority.” From Stay Safe Online:
In our online world, data is free flowing. All of us—from home computer users to the largest corporations—need to be aware of the personal and private data others have entrusted to us and remain vigilant and proactive about protecting it.
Though Data Privacy Day has passed for this year, it should serve as inspiration to consider user security and privacy year-round.
Protecting user data and privacy is a two-fold job. First, you have to make sure your website, software, or mobile app is secure from attacks and “innocent” data leaks (leaks not resulting from a malicious attack).
For developers, there are a lot of angles to consider when it comes to security. Websites have to protect against SQL injections, cross-site scripting, weak password requirements, poorly encrypted data, backdoor access, and a slew of other threats.
Mobile app security involves paying special attention to password requirements, user authentication and authorization, data encryption, and more. Security is such a nuanced field that the best option is to enlist the help of a security-testing expert. Security experts think differently than general software testers, and you’ll need their “hacker” mindset.
The other half of good privacy protection is carefully considering what user information your application or site needs. Don’t ask for unnecessary information or permissions. In a carefully worded privacy notice to which users must agree before using the app, inform users about the features and information your app is accessing.
Be sure the terms of service clearly explain what your company does with the data it collects, how the data is stored, and how long it is kept. Being clear and up front with users gives them the chance to decide if they are comfortable with your company’s data privacy practices and reassures users you take security seriously.
Stay Safe Online has put together several resource pages to help companies tackle the issues of security and privacy. Resources for Everyone offers a collection of studies, articles, and tips, conveniently divided by application type, to help you get a feel for the current cyber security and privacy climate. Knowing this will help you protect your own online data and can serve as a guide as you develop and test apps. Keeping this information and these weaknesses in mind will help you create stronger, safer applications.