Although hackers seem to be making headlines more often than ever, 63% of website managers admit that they don’t use common security measures, according to a new survey by Clutch, a B2B ratings and reviews firm in Washington, DC.
For businesses thinking of investing in an app, this reluctance to tackle security policies could create new problems down the line. Without proper security they are only creating new avenues for hackers to attack their business.
This gap between knowledge of security features and adoption of them reveals a major pain point for organizations.
1. Review your app login page
How do you access the back end of your app?
You can think of that page as the front door to your app–and by extension, your business. If you were a secret agent on the run, you wouldn’t choose a house on Main Street with your name on the mailbox. You’d want to choose some place that’s a little off the beaten path.
Similarly, you should put a little effort into disguising the login page you use to access your app’s administrative pages. Splash pages with obvious URLs (“www.myapp.com/login,” for example) are like the house on Main Street: They make it all too easy for hackers to come knocking.
Once a hacker finds your login page, all they have to do is guess your password, and they’re inside.
By making it more difficult to find your login page, you can add an additional layer of difficulty that will discourage hackers. Try a URL that includes random characters, remove links to the login page from your website, and limit sharing the login URL beyond employees who need access.
2. Secure your app’s input fields
As hackers hunt for ways to enter your site, input fields may attract their attention. If your app has places for users to leave comments, send messages, or otherwise input text, hackers may attempt to inject damaging code.
This kind of attack could allow hackers to manipulate or delete a database, gather email addresses to use in phishing attacks, or access financial or otherwise private information that belongs to your business or users.
There are a few ways to guard your input fields against hackers. First, you can implement form validation. This is code built into your app that will prevent your app from accepting harmful scripts. It will help your app automatically differentiate between a harmless comment posted by a user and text that contains commands that could hurt your business.
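The two defences this paragraph describes, validating what a form accepts and keeping user text from being interpreted as commands, look like this in code. This is an added example, not code from the article or from Clutch: it builds a small constructed SQLite message table, shows a lookup written the vulnerable way next to the parameterized form, and escapes a comment before it is rendered so markup in it is displayed rather than executed. The table, rows, field names and the sample input are all constructed for the demonstration.

```python
import html
import re
import sqlite3

# Constructed in-memory table standing in for the app's message store.
def build_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE messages (id INTEGER PRIMARY KEY, owner TEXT, body TEXT)")
    conn.executemany(
        "INSERT INTO messages (owner, body) VALUES (?, ?)",
        [("alice", "meet at 5"), ("bob", "card ending 4242"), ("carol", "invoice attached")],
    )
    return conn

# Form validation: only accept a username that matches an explicit allowlist
# (letters, digits, underscore; 3 to 32 characters). Anything else is rejected
# before it reaches the database or the page.
USERNAME_RE = re.compile(r"[A-Za-z0-9_]{3,32}")

def validate_username(value: str) -> bool:
    return USERNAME_RE.fullmatch(value) is not None

def fetch_messages_vulnerable(conn: sqlite3.Connection, owner: str) -> list:
    # Vulnerable: the user-supplied value is pasted into the SQL text, so a
    # quote character in the input changes the meaning of the WHERE clause.
    sql = f"SELECT body FROM messages WHERE owner = '{owner}'"
    return [row[0] for row in conn.execute(sql)]

def fetch_messages_safe(conn: sqlite3.Connection, owner: str) -> list:
    # Hardened: the value is bound as a parameter and is never parsed as SQL,
    # so it can only ever match (or fail to match) an owner name.
    rows = conn.execute("SELECT body FROM messages WHERE owner = ?", (owner,))
    return [row[0] for row in rows]

def render_comment_safe(comment: str) -> str:
    # Output handling: escape the comment so any HTML or script in it is
    # shown as literal text in the page instead of being run by the browser.
    return f"<p>{html.escape(comment, quote=True)}</p>"

# Constructed input that would alter the WHERE clause if concatenated into SQL.
INJECTED_OWNER = "x' OR '1'='1"

if __name__ == "__main__":
    db = build_db()
    print("vulnerable lookup returned", len(fetch_messages_vulnerable(db, INJECTED_OWNER)), "rows")
    print("parameterized lookup returned", len(fetch_messages_safe(db, INJECTED_OWNER)), "rows")
    print(render_comment_safe("<script>alert(1)</script>"))
```

Run it and the vulnerable lookup hands back every user's messages for the constructed input, while the parameterized version returns nothing because no owner is literally named `x' OR '1'='1`. The allowlist check runs first in a real form handler, so the injected string is rejected before either query is reached; the parameterized query is the safety net for anything the validation does not anticipate.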
Another popular security tool is called CAPTCHA (which stands for “Completely Automated Public Turing test to tell Computers and Humans Apart”). CAPTCHA appears in several variations. Users are typically asked to correctly identify parts of a photograph, type distorted text, or check a box signifying that they are human users and not a swarm of bots sent to overwhelm a website.
Though CAPTCHA is less common on apps, it’s a useful tool for apps that are also accessible in desktop browsers, such as Instagram.
3. Audit information gathered during onboarding
Now that we’ve covered strategies for implementing security tools, let’s take a step back to think about what information hackers may be hunting for.
When users access your app, chances are you require them to share some of their information. This could be a username and password, an email address so they can receive notifications, or a request for access to the user’s GPS location. When it comes to websites, visitors’ email addresses (57%), names (47%), and locations (45%) are the most commonly collected data points.
Hackers find this information valuable because it contains clues that can help them unlock a user’s internet presence elsewhere. For example: How many of us use a variation of our name for a username? What if a percentage of your users maintain bank accounts with location-based credit unions?
Email addresses may present the greatest level of risk to your users. Almost every account we open requires an email address that is used to share news and updates, reset forgotten passwords, and more, meaning that a hacker in possession of a user’s email address could tug that thread across much of their internet presence. As a first step, be sure that your users create a username that isn’t the same as their email address.
After auditing the information your app collects, ask yourself the following questions:
- Is there a strong business reason for collecting the information?
- Does the information you collect help you serve users better?
- Is the information necessary for the app to function?
If any of those questions could be answered “no,” it may be best not to collect that information moving forward. By limiting the amount of information you need to safeguard, you can take a first step toward simplifying your app’s security needs.
4. Implement encryption to safeguard users’ information
Now that you’ve identified what user information is necessary for your app, it’s time to take action and determine what security measures you will need to implement.
Clutch’s survey found that 48% of website managers store the information on their website; 46% store information on a third-party app, such as Dropbox; and 25% store information offline. No matter where you are storing your users’ information, encryption is a strong security option.
Encryption is a method of translating your data into ciphertext that looks like gibberish at first glance; even if hackers manage to intercept the information, they wouldn’t be able to read it without the key. Meanwhile, mathematical keys allow you and your employees to access the decrypted data without cumbersome password logins, improving user experience and encouraging adoption.
Let’s say you manage an app that uses GPS and texting to alert users of happy hour deals nearby. By encrypting the databases containing users’ information, you can ensure that hackers don’t access their private information, which could be used to bombard them with phone calls or trace their movements.
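To make the happy-hour scenario concrete, here is an added example of field-level encryption for the phone number and last known location of a user record. It is not code from the article; it assumes the `cryptography` package is installed and uses its Fernet construction (AES-128-CBC with an HMAC-SHA256 tag and a random IV per message). The user table, the key handling and the sample user are constructed for the demonstration; in a real deployment the key would be loaded from a secrets manager or KMS rather than generated next to the data it protects.

```python
import sqlite3

# Assumption: the 'cryptography' package is available.
from cryptography.fernet import Fernet, InvalidToken

def new_key() -> bytes:
    # In production this key comes from a secrets manager or KMS and is never
    # stored in the database it protects; generating it here keeps the demo self-contained.
    return Fernet.generate_key()

def encrypt_field(key: bytes, value: str) -> bytes:
    # Random IV per call: the same phone number produces a different token every time,
    # so copies of the table cannot be compared to learn which users share a value.
    return Fernet(key).encrypt(value.encode("utf-8"))

def decrypt_field(key: bytes, token: bytes) -> str:
    # Raises InvalidToken if the key is wrong or the token was modified in storage.
    return Fernet(key).decrypt(token).decode("utf-8")

def build_store() -> sqlite3.Connection:
    # Constructed table: username stays in the clear for lookups, sensitive fields are BLOBs.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, phone BLOB, last_location BLOB)")
    return conn

def store_user(conn: sqlite3.Connection, key: bytes, username: str, phone: str, location: str) -> None:
    conn.execute(
        "INSERT INTO users (username, phone, last_location) VALUES (?, ?, ?)",
        (username, encrypt_field(key, phone), encrypt_field(key, location)),
    )

def load_user(conn: sqlite3.Connection, key: bytes, username: str):
    # The app, holding the key, reads the fields back as plaintext.
    row = conn.execute(
        "SELECT phone, last_location FROM users WHERE username = ?", (username,)
    ).fetchone()
    if row is None:
        return None
    return {
        "username": username,
        "phone": decrypt_field(key, row[0]),
        "last_location": decrypt_field(key, row[1]),
    }

def raw_row(conn: sqlite3.Connection, username: str):
    # What someone who copies the database file, but not the key, actually gets.
    return conn.execute(
        "SELECT phone, last_location FROM users WHERE username = ?", (username,)
    ).fetchone()

def is_readable_with(key: bytes, token: bytes) -> bool:
    try:
        decrypt_field(key, token)
        return True
    except InvalidToken:
        return False

def tamper(token: bytes) -> bytes:
    # Flip one character inside the token body to simulate modification in storage.
    pos = 20
    replacement = b"A" if token[pos:pos + 1] != b"A" else b"B"
    return token[:pos] + replacement + token[pos + 1:]

if __name__ == "__main__":
    key = new_key()
    db = build_store()
    store_user(db, key, "dana", "+1-555-0100", "40.7128,-74.0060")
    print("app sees:", load_user(db, key, "dana"))
    print("database copy holds:", raw_row(db, "dana"))
```

The stored blobs contain neither the phone number nor the coordinates, a different key cannot open them, and a token altered in storage is rejected rather than decrypted to garbage. The limits are worth keeping in mind: the username is still plaintext because the app needs to look records up by it, and the whole scheme is only as safe as wherever the key is kept.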
Though implementation of encryption is still below 50%, it appears to be increasing. About 40% of website managers already rely on encryption in their mix of security measures, and 21% plan to implement encryption in 2017.
Security is essential to building a great app
After putting so much work into designing, marketing, and maintaining a great app, the last thing you want is a security breach that could derail your users’ trust.
By relying on secure login pages, safe input fields, limited information collection, and encryption, you can build an app that’s not only creative and helpful, but one that’s safe and reliable for your users.