Here’s a Bad Idea… Go Cheaper On Security

David Baxter & Gary Voigt
August 17, 2022

You’re a start-up company selling something that requires your customers to provide their credit card to make a purchase (think shoe umbrellas). Your customers are expecting you to have done the bare minimum in securing their information. Problem is your budget is small. And you went with the least expensive developer to be able to accept payments. 

You assume everything is properly set up, including protecting your customers’ information.

I hate to tell ya this, but it probably isn’t.

Putting Your Dream Biz in the Hands of Sub-Par Developers is a Tightrope Walk on a Windy Day

Your customers are trusting that you’ve done due diligence to protect their credit card information, personal information—anything that you ask them to provide—when they engage in a transaction with you.

If you’re building an app from scratch and collecting sensitive information, there’s no guarantee that it’s being done right. Seeing a lock beside the URL doesn’t cut it. All that tells your customer is that their information is protected as it’s being transferred.

You need to ensure that their information is encrypted, transferred, read, encrypted again, and at times stored securely, too.

If you don’t, you’ve paid for an expensive VIP seat to the biggest, most emotional show you will ever see—your business going down in flames.

Not to Beat a Dead Horse, But…

If you plan on approaching investors for your company, one of the questions they’ll ask is:

What are you doing from a security standpoint?

And they’re going to dig in deeper—a lot deeper—to ensure you’re NOT a security risk to them.

Which leads us to a new conundrum. How can you ensure your developer knows what they’re doing?

You Know Your Developer is Pro When

Three things a pro developer knows (that an amateur developer doesn’t):

  1. That you have knowledge gaps
  2. To ask questions to ensure you’re making informed decisions
  3. What you need to ensure security for your customers and yourself

So how can you tell you’re working with a professional?

They’ll confidently answer your questions. They’ll also likely offer information to educate you on what’s going on, what to expect, and why.

They’ll be asking questions—about your business, your customers, your products, your systems—so that they have a solid understanding about your needs and can provide guidance suited to you.

They’ll be able to provide several options to secure sensitive info and be able to give recommendations that best suit your needs.

Three Questions to Ask Your Developer

You can also take it a step further by asking your developer these three questions:

  1. Is sensitive information being encrypted?
  2. Can the developer see the information? (The answer should be “no.”)
  3. How secure is the database? (For example, is access locked down by IP address?)

If You’re Wavering, Ask Yourself This 

When you’re building your dream business, do you really want to put something as important as security in the hands of a first timer because they’re the cheapest?

No? We can help.

Based on an excerpt from our BIZ/DEV podcast, Episode 45.
