2

7 Ways to Make Sure Your Digital Startup More Secure

When we launch a digital startup, we tend to be focused on market reception and growing the number of users. Protecting the value of our successful business? Well, that’s one of those “nice to have” problems that we’ll worry about when we get there, right?

Wrong!

The time to protect the value of your business is at the very beginning, not after it has become an enormous success. There’s nothing terribly complicated about protecting your business, nor should it be that expensive for basic protections. Here are seven key things I’ve learned over a decade of involvement in digital startups:

1. Create Legal Documents

Most digital startups require a relatively standard set of legal documents. For each state, these documents will vary to some degree. You’ll be able to easily look up the business document requirements for your state online. 

But, whichever state your business is located, putting these documents in place is every bit as important as the funding or financing for your business. In addition to the standard required documents, you should also add these documents:


     Non-Disclosure Agreement (NDA)—Used to protect trade secrets, intellectual property and proprietary information, NDAs protect your startup by safeguarding your company’s Intellectual Property (IP). 

     Before you discuss your app idea with anyone–even in vague terms–you should get a signed NDA from them. This document will make the signers liable for damages if they disclose your idea to anyone or otherwise try to improperly use your property.

     Vendor Agreement—Whether you're planning to start a tech company or a non-tech company, signing a Vendor Agreement can ensure the event is a positive and profitable experience for everyone, and that unpleasant surprises or problems don’t crop up.

     Employee Agreements—Startup CEOs and founders should draw up clear employment contracts and offer-letters when hiring new employees. These legal documents are key to ensure employees understand what’s expected of them, especially in the event they leave the company.

2. Store Your Source Code to SVN

One of the fastest ways for your business to lose value is by being reckless with its source code. The code on which your website, software or mobile app is based is your digital startup’s greatest asset, and it is very easy to steal if you aren’t careful with it.  An example of source code carelessness would be storing it in Google Drive files and then sharing access to those files, or doing the same thing on a Dropbox account.

Apache Subversion, commonly known as SVN, is a software versioning system that provides convenient accessibility and excellent security.

SVN lets you limit access to directories and files by user, so that developers can be working on part of your code without you having to share everything with them. Because of its centralized nature, Subversion offers better management of binary files out-of-the-box, as only the working tree is on client machines.

You’ll also find SVN to be a safer repository for your code-change history, as it can be accessed only through a centralized server.

3. Secure Your Customer Data

Security of your digital product (Mobile, web or cloud app) is important, especially when dealing with sensitive customer data. There are hackers out there specifically looking for new apps and websites that are not well-secured and can be easily hacked through vulnerabilities or bugs in software code.

Here are few things you can do to prevent the hacking of your customer data:

     Apply security best practices to software, including the use of source code scanning tools that can help make software resilient to malicious attacks.

     If you are accepting payments, use a gateway to store all the payment-related data. Do not store any payment-related data on your server.

     Any data that you store in your server or software should be encrypted using TDES or AES encryption methods.

     Avoid collecting personally identifiable information such as dates of birth, Social Security numbers, or other sensitive information.

     Protect Passwords as though they were gold.

     Secure data in transit using client and server-side encryption by implementing SSL certificates on your server.

     Make sure your team knows how to avoid XXS, also known as "cross-site scripting," which, statistically, accounts for more than 80 percent of all documented security vulnerabilities.

     Code Injections is another common vulnerability of startups. Although rarer than XXS, Code Injection can cause devastating damage to your business by exploiting some common types of bugs in your software. Standard security practices can safeguard against such vulnerabilities.

4. Verify Your Users

A growing user base is essential to the success of your business. However, you want to verify your users to make sure they are genuine people and are not signing up for your product just to commit fraud. User verification is the most reliable and effective way to apply vital account security measures.

Here are some of the steps you can take to verify your users:

     Via email or text message, send them a link to click and confirm the account. Don’t allow them access to your application until their account is verified.

     If yours is an eCommerce product, perform a verification of their payment method prior to approving their account.

     In some cases, you may want to employ more advanced verification methods, such as setting up finger-touch recognition or driver’s license verification.

     A fast, convenient, and relatively secure method of verification is to require logins via Facebook, Twitter, or other social media login credentials.

5. Regularly Test Your Code’s Vulnerability

As an owner of a digital product, you should regularly test your software for code vulnerabilities. This will help you stay ahead of threats and ensure that your code is solid. Here are some tips:

     There are plenty of software security vulnerability scanners available to give you detailed information on the quality of your code security. There are also manual methods you can learn to do. 

     Software and application developers can use vulnerability scanning software to both detect and remedy application vulnerabilities in code.

     Cloud-based services offer a systematic approach, delivering a simpler and more scalable solution for reducing global application-layer risk across web, mobile and third-party applications

6. Implement Analytics

It’s not all about the number of downloads. You also need to learn how, when, and where your downloads are occurring. Analytics will help you to collect information about your app’s user activity. There are number of app analytical tools available in the market. Some are free, such as app store analytics, Google analytics, Google Tag Manager, etc.; or you can buy or lease more elaborate, full automated tools.  Whichever tool you use, here are some of the types of data you should track:

 ●     IP addresses, which can tell you the location and network information of your users. If you see suspicious activity by a specific IP address, you can block it from using your software.

     Geolocation via GPS or IP address, which can limit your application to use in a specific area or region, simplifying operations and saving bandwidth.

     Failed attempts, which can identify users attempting unauthorized logins or other actions. Once identified, these users can be blocked.

 If you have complete data on who your users are, where they are, and how they are using your software, you’ll be able to more easily improve both the quality and security of your product.

7. Create and Share Your Privacy Policy

Your startup needs a written security policy covering all the possible scenarios of a hack and customer data theft. If you do not have a Privacy Policy, you open yourself to legal actions by customers or competitors. Your Privacy Policy should include an introduction, information on how and when information is collected, and where all information is stored, as well as how your company will use it.

In addition to providing you with a legal safety net, your Privacy Policy gives you an opportunity to explain your company’s reasons for collecting information, which can demonstrate your professionalism and your respect for your customers and visitors.