Innovation and Security: How to Combine Both in Digital Transformation

Guest Post by Connie Benton

The last couple of decades have been nothing but an unstoppable drive for innovation. The problem is, innovation often comes with new risks. Many people immediately think of Tesla's unfortunate 2018 accident involving faulty autopilot.

Risk is a huge problem for the self-driving cars industry, but security issues stifle digital innovation as well. A survey by Webroot found that 400 out of 500 senior decision-makers in the United Kingdom believe that cybersecurity risks prevent innovation.

If that's true, how can innovation and security intersect? Read on to find out. And even if you’re not creating the next big thing in tech, it’s a good idea to implement many of these tips in your business of any type. 

What risks does digital innovation pose?

The biggest risk when it comes to digital innovation is data breach. This may not have been a huge issue just a decade ago, but now websites and apps gather huge pools of information on their users in an effort to personalize their experiences.

An average database consists of a massive amount of personal information including names, email addresses, passwords, and possibly linked banking accounts of users. If any of this information is mishandled, it opens up an opportunity for identity theft and fraud.

Commercial apps and websites that gather data on users are suffering plenty from this problem, but it hits government apps even harder. Imagine a data breach in a social security app, and you can understand why making government services more accessible online is a huge feat.

But you’re probably not creating an app for your state, you just want to innovate to better serve your customers. Here are three main steps that you need to go through to make sure your business pivots are both innovative and secure. 

1. Implement cybersecurity best practices

Before you set out to create a piece of innovative tech, you’ll need to implement all of the best practices that the cybersecurity industry has developed over the years. This starts with the most basic things.

Keep everything password-protected

You’d be surprised how many data breaches happen because the developers forgot to put a password on a database that’s meant to be private. In 2017, Verizon suffered a breach that led to 6 million accounts being exposed.

Why did that happen? It turned out, employees stored data publicly, with no password, so the hackers didn’t even sweat it to get their hands on private user information.

Don’t make this easily avoided mistake and protect your databases with a strong password that changes monthly.

Utilize two-factor authentication

The next big cybersecurity threat is social engineering attacks, also known as phishing. These allow hackers to defraud users out of their passwords to your platform. From there, they may be able to defraud them of money or identity information as well.

The easiest way to prevent this is to have a two-factor authentication system in place. Then, even if the password is compromised, the fraudsters won’t be able to access your users' accounts without having access to their email or mobile phone. This greatly reduces the impact of data breaches.

Educate employees

Just like your customers, your employees also can be victims of a social engineering attack. If they happen to have a virus on their laptops and log in to work from home, this can endanger your whole system.

Veronica Seann from Cake HR Software provides a list of tips that help you keep your employees and your company safe:

1. If you have a bring your own device policy or remote workers, let them log into the system with a firewall.
2. Train employees to recognize phishing attempts.
3. Only use work emails for handling secure data.
4. Make a policy of changing the password frequently.

Encrypt data 

The previous three tips will make sure your employees and users don’t fall victim to hackers that go for the low-hanging fruit. If you want to implement advanced measures, look into data encryption.

Some outdated hashing methods may give hackers the ability to reverse engineer the encrypted data. Use the latest and strongest methods of encryption like the Advanced Encryption Standard (AES) and Secure Hash Algorithm 2 (SHA-256) to make sure that’s impossible.

De-identify data

If you do suffer a data breach, ensure your customers don't suffer by de-identifying the data you store. Remove from the database, mask, or store in different hashes all the information that can link personally identifiable data to the stolen data.

Scan for breaches

Don’t let the fraudsters be ahead of you. Scan for suspicious activity that may indicate a breach has happened. If you integrate a data breach scanning software into your system, you’ll be able to act before damage is done.

2. Think like a hacker

With every new technology, with every new sensitive database, comes the potential for abuse. Don’t let the hackers outsmart you. Instead, think about the potential abuse right when you’re developing the architecture for your software.

Look for weaknesses that can be exploited and eliminate them. For instance, you may be storing passwords for a less sensitive database in plain text, but access to that database exposes poorly hashed passwords for a database that contains sensitive information. That’s sure going to be taken advantage of and you need to improve on this mistake.

Dmytro Vdovychynskyi, a security engineer from Preply gives this advice regarding developing a secure software architecture: 

“Thinking about security only in a few contexts or like on one-time action is a disastrous way. Of course, everything depends on organization goals but it must be done in a measurable way and built into development in all stages of the system development life cycle: from planning till maintenance." 

Vdovychynskyi explains that, currently, the two most popular frameworks in software development are OWASP Software Assurance Maturity Model and Microsoft Security Development Lifecycle.

3. Hire cybersecurity testers

Do you store extremely sensitive data like banking information or social security numbers? You may need to take more proactive steps and hire a third-party security testing company to make sure there is no potential for a breach.

This will help you eliminate all the minor data architecture problems you may have. Besides, a cybersecurity certificate will help with building consumer trust.

It’s possible to be both innovative and secure

With the amount of data that companies gather on their customers, corresponding levels of risk are continually increasing. 

However, it’s possible to create something innovative that bears minimal threat to your customers’ security. Follow these tips, and you will be able to keep your customers’ data safe.

Connie Benton is a content writer who helps B2B companies reach their audiences more effectively. With an emphasis on organic traffic and conversion, she takes big ideas and turns them into highly practical content that keeps readers hooked.