The Executive Director of the Identity Theft Resource Center offers some actionable steps you can take in the decision-making process when choosing the right app development agency for your project.
By Eva Velasquez, President/CEO at the Identity Theft Resource Center
Since the beginning of the year, there have been multiple attacks on data infrastructure across multiple sectors. According to the Identity Theft Resource Center, there have been over 80 data breaches since the start of 2016, leaving over 1,600,000 records exposed.
Just this last week, a CEO from an L.A. hospital had to pay $17,000 in bitcoins to hackers who held their computer systems captive.
If you’re planning on creating an app and working with personal information, you need to take steps to protect your users’ information. While you may be simply sharing your products or non-essential information like location or store hours, you will likely be gathering personal information from your users.
To reduce the risk of litigation, here are a couple of things you can do to protect your app against data breaches:
Ask For References
Before you sign a contract, you need to request references. After all, the organization’s work will be the mobile face of your company. As a result, any data breach or security considerations will be on you — not the person who performed the work.
Get the names of other companies whose mobile apps they have designed, and contact those companies for a recommendation. This step might seem time-consuming, but it’s nothing compared to sending out data breach notification letters and paying for credit monitoring after your customers’ credit cards are stolen.
Have a Concrete Feature List
Knowing how to define security features for a mobile app is crucial when hiring an app developer. You must let them know upfront what your business plans are for the app, what information you plan to gather from your customers, and what security features you can expect. You can do this by putting together a comprehensive feature list.
You want to know going in what data protections will be in the app. Don’t assume the people at the agency are security experts. A software development agency and a security specialist are not the same. The security requirements of the application need to be in the application, and you can’t leave it entirely to the software agency to figure it out.
Identify the Team Working On Your App
One of the realities of working within the software development industry is that the person who builds your application might not do all the work. Agencies and freelance developers face many of the same pressures as your company. They need to manage costs and workloads. To do so, they outsource work or partner with other developers.
Get a detailed list of all the individuals — both in-house and outsourced — who will be working on your project. “Inside Job” data breaches are a reality, and you want to limit your exposure and potential harm to your customers as much as possible by ensuring you have a trusted team. If the application you want to build is working with sensitive information, ask for background checks and certifications of anyone who’s working on your project.
Ensure Safeguards for Employee Access
No one likes to think of their employees as being the reason customers’ information is leaked. Sadly, it is the reality. It isn’t always intentional. Accidents happen. Employees’ computers get stolen, vulnerabilities in software are exploited, and more. While there will always be security breaches, professionals working on your application should have protocols and safety measures to minimize the risk.
As a rule, you should always have your application designed in a developer sandbox, where contracted workers would never have access to user data. If developers need access to the live application, where real user data is being exchanged, identify sensitive information points and restrict access to those points.
If the worst happens and your mobile application is breached, it won’t be the developers that the victims hold responsible. It will be you and your company. Just having a promise that your app is going to be secure isn’t good enough. Take these extra steps to help protect your customers (and your company) so you can enjoy the world of mobile apps instead of having a high-tech nightmare.
Eva Velasquez is the President/CEO at the Identity Theft Resource Center, a non-profit organization which serves victims of identity theft. Velasquez previously served as the Vice President of Operations for the San Diego Better Business Bureau and spent 21 years at the San Diego District Attorney’s Office. Seamgen is a proud sponsor of the Identity Theft Resource Center.