7 Companies Who "Get" Security, and What We Can Learn From Them
It’s tragic to witness a small business, which has worked extraordinarily hard to build itself into a legitimate and successful company, get harmed by a security threat.
As if small business owners didn’t already have enough to worry about, now they must also invest in sound security infrastructure to avoid a similar conundrum. Did you know that 43% of all hackers go after small businesses as their primary targets?
You see, security is never something you do just once – it’s an ongoing process.
Companies with massive targets on their back must always reexamine their security strategies, and implement new measures to stay a step ahead of the bad guys. Therefore, by studying secure small businesses, we can learn from them.
Here are seven small businesses who do security the right way.
Cloudflare has the lofty ambition of “helping build a better Internet,” and their security measures certainly reflect their goals. The company is known for its development of a fast CDN, strong Firewall, DDoS protection, TLS edge, and DNS security for many Fortune 500 companies.
Cloudflare cares about cryptography, using both TLS 1.3 and ChaCha20-Poly1305 authenticated encryption for security. Translation: they use the strongest encryption techniques available today. Cloudflare also works with GoLang – a programming language known for security and efficiency.
Cloudflare is also extremely easy to implement. It only takes five minutes to set up, and reduces the time needed to deploy new policies across all your employees. It provides a smaller attack surface – fewer areas for hackers to target – by moving more public APIs to the cloud, and therefore increasing third-party integrations.
Slack is a messenger service that actually seems to care about the privacy of its users. There is perhaps no greater risk on the internet, for private information getting exposed, than through messaging apps.
In addition to taking the security of its customers’ information very seriously, Slack has also helped raise social awareness about a variety of issues, including the ImageMagick scandal. They regularly reveal their log analysis to help keep users informed, and their push notifications train users on secure practices.
Sometimes all you need to build trust with customers is to demonstrate that you’re actively updating your own security, and truly care about their personal security and safety. Slack is a prime example. Their policies and standards should serve as a blueprint for a lot of other SMEs.
The large number of third-party audits the site implements helps customers see for themselves what they are doing, and how the security is working through partnerships like the one with Cloud Security Alliance.
Surfshark is an application that encrypts your web traffic, ensuring that your private data doesn’t fall into the wrong hands. Encryption was once the domain of math whizzes and government researchers, but now it’s an essential part of doing business online. What changed?
You may have heard the saying, “data is the new oil.” This references the increasing rate with which people generate data about themselves and their behavior, but also the value of this data for companies who analyze and profit from the data. At first glance, this is a good thing. It’s a sign that technological innovation is happening quickly, and our personal and professional lives are benefiting as a result. However…
As the value of our private data increases, so too does the number of people who want to get that data – without our permission. This is where Surfshark comes in. The application makes use of a virtual private network or “VPN,” which essentially lets you connect to the internet with complete peace of mind.
Surfshark differs from other such applications in that it doesn’t track even the slightest amount of user information, nor does it “leak” IP addresses (in other words, it doesn’t reveal the physical location of its users). In multiple independent tests, Surfshark users found zero DNS leaks, meaning that no data could have made its way into the wrong hands.
Surfshark is an important role model in the web security industry. Many companies in the space have “good” security, but don’t tick all the boxes. As we’ve seen time and time again, all it takes is one small misstep for a company to be hacked, exposing their customers’ private information.
3dcart is an ecommerce website building software that allows merchants to set up an online store, and sell their merchandise quickly. As the online commerce space continues to grow, particularly with huge competitors like WordPress and Shopify, customer security and privacy have become more important than ever before. In fact, hackers are now accounting for around 90% of all login attempts at online retailers.
Online transactions require extra layers of security in order to keep a customer’s identity private. Exposing or compromising personal information is a surefire way to destroy the reputation of your SMB.
Protecting that information is easier said than done. Cyber criminals are always adapting, and finding new ways to attack ecommerce platforms. How does 3dcart protect its users? First and foremost, their knowledge base is a fantastic resource for understanding ecommerce security, and how we can all improve from it.
Second, a feature of 3dcart called 3D Secure 2.0 has implemented several new strategies for ecommerce. It has helped shift the responsibility of fraud prevention from the merchant to the payment provider, saving merchants time and money dealing with fraudulent chargebacks.
The verification layers on 3D Secure 2.0 check spending patterns, the device the customer is using, and other extra security measures to verify an online identity. The data transfer is seamless, so it doesn’t impact the customer’s shopping experience through browser redirects, or, in most cases, additional authentication verification.
This verification is exactly what strong protection looks like: extremely secure, without negatively impacting performance.
JotForm is a spectacular example of a secure form provider that puts security first. The system uses 256-bit SSL (the same level of protection used for online banking and ecommerce), and is PCI, GDPR, and HIPAA compliant.
JotForm also specializes in PDF editing, security, and encryption. Since many companies collect sensitive information regarding their customers or clients (such as financial information, home addresses, or social security numbers), these companies need to take action to ensure that their PDFs are protected in submission emails. JotForm’s encrypted and password-protected PDFs can be the solution these kinds of companies are looking for.
Moreover, JotForm’s online forms are SSL encrypted by default. So, even if a form is embedded into a website that lacks HTTPS (and only has HTTP), any data entered into the form fields is still encrypted.
Their secure forms take security an extra mile by not only encrypting the data over HTTPS during a transfer, but also giving form builders the option to encrypt the stored data as well. Using what’s known as ‘Encrypted Forms’, users have complete control over the information submitted through their forms, which cannot be compromised without a private key.
Does this sound a bit much for a simple form builder? Keep in mind, every bit of information we enter online – our name, email, phone number, and address – starts by filling out form fields of some kind. Consequently, you should always rely on a provider that offers not only SSL-secured forms, but encrypted ones as well.
Accuranker is a keyword ranking tracker application, founded in 2013 in Denmark. Today they’re known for being one of the fastest and most secure marketing tools. The application enables you to track both your website and your keywords in an instant, and alerts you immediately if there are any major developments with your rankings.
In the event of a major drop in your rankings, it can be easy to go into what is commonly called “SEO Panic Mode.” A drop in rankings can be caused by any number of factors, including low quality content, lack of quality marketing keywords, technical on-site issues, algorithm updates, Google penalties, and more.
This is why you need to ensure that you keep your keyword history data absolutely secure, because when you lose that data, it’s catastrophic. One of the best things that you can do to keep that data available to you at all times is moving it to the cloud, as Accuranker has done. Following Accuranker’s lead, nearly all major rank trackers followed suit and moved to the cloud.
Using cloud-based applications is one of the best marketing decisions small business owners can make. It saves time and money over the long run, but more importantly, allows you to sleep well knowing your precious keyword data isn’t going to disappear.
Mailbird is a desktop email client that allows users to manage multiple email accounts. The company is also notable because they make the security of their clients’ email accounts a top priority.
All data sent between Mailbird and their license server is encrypted over a secure HTTPS connection. Furthermore, the company doesn’t read any of their clients’ emails, and while they collect your name, e-mail, and data on Mailbird feature usage, they also give you the option to opt out of that data collection, if you so desire.
Even if it seems like email should be “old-school” these days, compared to instant messaging and social media, the reality is email is as popular as ever. Did you know that it’s estimated over 200 billion emails are sent each day? Most of these are sent via email marketing services like Constant Contact.
That is a staggering amount of information and data circulating the web, and many cyber criminals want to get their hands on it. Today, cyber attacks through email are a big problem, and getting bigger – almost 1% of all emails are malicious (roughly 2 billion per day). Whether it’s annoying spam, or more severe threats like phishing and malware – poor email security threatens small businesses.
Email security and compliance is a must for any small business in good standing, and email encryption paired with excellent password security are necessary elements. There are other ways that you can train your staff and set standards for mobile device usage to help prevent emails from getting compromised.
Learn from secure small businesses and make yours safer
There are companies that get security, and those that don’t. Whether it’s email, instant messaging, forms, ecommerce shopping carts, SEO optimization, or cloud-based services – security layers need to be implemented on all levels of your small business presence online.
This article originally appeared in Constant Contact Blogs.