In the last of our three-part series on cyber-security, we're going to talk about how you can create a culture of security to prepare your employees to avoid the single biggest threat: human error.
Last week, we outlined some of the reasons cyber-security matters for small business. This week, we're going to provide you with some basic tools to help secure your Web site.
Recently, I attended a Cyber-Security Summit organized by the Arizona Technology Council. After attending many of these events in the past few years and through conversations at the many events I’ve attended, it’s clear this is still an important topic of education for small businesses. I’ll try to cover not just the reasons for concern (hopefully without scaring anyone into giving up their smart phone entirely), but also some tips on how to prepare your small business for the ever-changing cyber-security threats.
When it comes to product development, whether it's digital or not, there's an on-going conversation between the person behind the actual production and the person guiding the process. This is important because it helps to clarify the vision, validate the work as part of the creation process, and ensure everything stays on track. Unfortunately, it's inevitable that somewhere along the line, a request will be made that impacts the original scope. This is called "scope creep" and it needs to be managed carefully.
We recently started to map out a proposal for a new project. This particular project meant working around an existing relationship with a staff developer who maintains a version of the app for another platform. As we moved through the process of crafting a proposal to meet their needs, a number of questions came up, including the question about security.
Most small businesses rely on an outsourced Web designer to manage their Web site. With the economy improving, not all of those resources are sticking around. They are instead heading back to work for other companies themselves and they all handle the transition differently. Some are great - providing their client with well-documented processes and information about their site. Many simply fade away. If you're outsourcing your Web design and development to a freelancer or independent firm, here are a few tips on making sure you're ready if you're forced into a transition.
Failure to plan is planning to fail.
We've all heard the old adage, but with software, failure should be part of any plan. This isn't because we want or even know that failure will occur. We certainly don't want the application to fail, but disaster happens. It could be a fire at the data center where the application is housed, infiltration by a malicious hacker, or any number of things that cause an application to fail. What's important, though, is that you have a plan in place to get back up.
Over the past few years supporting applications, I've received multiple requests to not time out (either at all or less frequently). From a user's perspective, it's frustrating. You get up for a cup of coffee between work and get distracted by a quick conversation or the ding of email. You come back to the application, click, and you're required to log in again. There are a number of standards for the length of login timeouts, but everyone has their own opinion and each industry has different specific requirements.
Building a platform with security built-in from the beginning isn't a common occurrence. Many freelance developers or small development teams consider security late, if at all, which results in what we call "bolted-on" security (versus "built-in" security). Bolted-on security, while still security, tends to poke a lot of holes in an application. Here are three things to discuss with your Web team before you start the next project or enhancement.
Recently, a class-action lawsuit was filed against 21st Century Oncology. In it, the medical provider is accused of storing patient data in Joomla. Since we primarily use Joomla as a content management system, this story was interesting, particularly when you look at the lawsuit attorney's comments.
This week, it's time for information about digital security and what you can do about it. When I previously discussed security, I mentioned that the tone when people talk about digital security, privacy, and recently hacked companies is dire, but I want to focus on what you can do about it. Recently, Entrepreneur published two great articles on the topic, one broadly covering the topic and the other specifically addressing the issue of employee theft.
There's been a lot happening in the news recently about stolen passwords, breaking into sites, and other illicit activity. It's important to understand that it's not if you get targeted, it's when. Unfortunately, this is the simple truth of living and doing business in the Internet age. While you may not be able to stop every attempt, it is possible to protect your Web site with some simple steps and easy-to-install software.