In an age where technology is all around us and everything is online by default, there is exponentially more data available on the internet every year. It is more important than ever to ensure businesses keep their data private and have the right security measures in place.
Myanmar stands at the front of this change with a rapidly developing IT sector, but it is important that new IT-savvy companies grow in the right way and are aware of some of the risks of doing business online. As co-founder of Bitspark, a Bitcoin fintech company, nothing keeps me up at night more than security, and it is a constantly evolving field. Below I share the top five ways we keep data safe, save money and make any organisation’s life a bit easier in the process.
5. Use “Open Source” where available. Open Source software means the code is freely open for anyone, anywhere in the world, to view, copy and make their own. When code is auditable anywhere in the world, especially for larger projects, it means a different set of eyes is vetting it for free, and security issues can be found and patched quickly by leveraging the crowd. A good example of this is the Firefox web browser, which is faster and scores higher in security tests than incumbents like Internet Explorer. Indeed, for most day-to-day office tasks, you’ll generally find there is an open source alternative (like OpenOffice or LibreOffice). Have a look around; you may be surprised.
4. Encrypt sensitive information. If your business holds sensitive customer information like usernames, passwords, names, addresses, billing details, credit card numbers and confidential documents, it should be encrypted by default. Encryption is the transformation of data into a form that’s not readable by anyone else without the proper key or password, and it is fundamental to IT security. Important data – documents, spreadsheets, customer information, website forms – can be encrypted with various local storage devices (hard drives, USBs), open source software (like AEScrypt) and cloud services like Mega. Encryption enforces privacy, is easy (and free) to do and gives your customers and employees reassurance that their data is safe from prying eyes. Even in the event your data is exposed, it is unintelligible and useless without the proper key.
3. Crowdsourced auditing. Sites like Crowdcurity and Bugcrowd are innovative new examples of leveraging the crowd for high quality, cheap and fast auditing of your website or application. Bounties are paid to security researchers from around the world who compete to find holes in your service, which ensures you pay for actual results, not time spent, and the testing is active 24/7. This is a much more effective way of ensuring a high quality product than paying a contractor for hours spent rather than results. In the past, that contractor would only deal with the code presented to them on any given day. When a new feature is introduced, a new unforeseen vulnerability may be exposed, rendering prior auditing redundant. Thousands of brains on the task are better than just one.
2. Use a VPN to connect to the net. When you connect to any public Wi-Fi while travelling, in public places or at other business locations, the connection itself could be insecure, with your passwords and data vulnerable to snooping and collection by an entity monitoring the network you are connected to. A VPN (Virtual Private Network) ensures you connect directly to another secure server, which then connects you to the outside web. All good VPN providers ensure your data is encrypted all the way, and they are cheap (or free) and easy to set up. A VPN ensures that if anyone were snooping on your connection, all they’d see is unintelligible garbled data, so you stay safe when connecting outside your own network.
1. Authentication can be easy. By authentication we usually mean a username, password, and maybe a captcha or a physical number generator. Frankly, all of us would agree our lives would be better if we had fewer usernames and passwords to remember. Many people use the same username or password for multiple applications, which is a security risk. Some organisations force people to change the password frequently or require ever more complex combinations. I stumbled upon a program called Clef and have been very impressed. Clef uses secure public/private key cryptography and enables users to securely log in to any supporting website by pointing their smartphone’s camera at a picture on the screen (the awesome ‘Clef wave’). No username, password or physical key is required, and no private details are transmitted over the web.
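To make item 4 concrete, here is an added example (not code from the author or from any tool named above) that encrypts a customer record with a passphrase using Node.js built-ins, then shows that a wrong passphrase or an altered file yields nothing. The function names, the record and the passphrases are constructed for illustration.

```javascript
// Added illustration: passphrase-based encryption of a customer record.
// Uses only Node.js built-ins; all sample values below are constructed.
const nodeCrypto = require('node:crypto');

// Stretch the passphrase into a 256-bit key with scrypt. The random salt
// means two records protected by the same passphrase get different keys.
function deriveKey(passphrase, salt) {
  return nodeCrypto.scryptSync(passphrase, salt, 32);
}

// AES-256-GCM encryption. Output layout: salt(16) | iv(12) | tag(16) | ciphertext.
function encryptRecord(plaintext, passphrase) {
  const salt = nodeCrypto.randomBytes(16);
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', deriveKey(passphrase, salt), iv);
  const body = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return Buffer.concat([salt, iv, cipher.getAuthTag(), body]);
}

// Returns the plaintext, or null when the passphrase is wrong or the blob
// was modified: in both cases the GCM tag check in final() throws.
function decryptRecord(blob, passphrase) {
  if (blob.length < 44) return null; // too short to hold salt, iv and tag
  const salt = blob.subarray(0, 16);
  const iv = blob.subarray(16, 28);
  const tag = blob.subarray(28, 44);
  const body = blob.subarray(44);
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', deriveKey(passphrase, salt), iv);
  decipher.setAuthTag(tag);
  try {
    return Buffer.concat([decipher.update(body), decipher.final()]).toString('utf8');
  } catch (err) {
    return null;
  }
}

// Constructed sample record (the card number is a standard test value).
const sample = JSON.stringify({ name: 'Sample Customer', card: '4111111111111111' });
const blob = encryptRecord(sample, 'correct horse battery staple');
console.log('right passphrase:', decryptRecord(blob, 'correct horse battery staple'));
console.log('wrong passphrase:', decryptRecord(blob, 'wrong guess'));
```

The stored blob is only as safe as the passphrase, so keep the passphrase out of the same disk, USB stick or cloud folder as the encrypted data.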
We’ve found the above-mentioned tools, companies and methods to be of assistance to us, and by applying them effectively we can all help make the web a more secure place. Myanmar continues to attract more IT investment, with new undersea cables opening up more bandwidth and new mobile solutions from Telenor and Ooredoo bringing more customers online. Myanmar’s new IT companies have the luxury of learning from the mistakes of the past elsewhere and leapfrogging the competition by adopting the latest technologies from day one and providing real value as the sector grows.
George Harrap is the founder and CEO of Hong Kong-based Bitcoin startup, Bitspark. He can be reached at george.harrap@bitspark.io. Views and opinions expressed here are the author’s own and don’t necessarily reflect Myanmar Business Today’s editorial opinion.