Here’s a Bad Idea… Go Cheaper On Security
You’re a start-up company selling something that requires your customers to provide their credit card to make a purchase (think shoe umbrellas). Your customers expect you to have done at least the bare minimum to secure their information. The problem is that your budget is small, so you went with the least expensive developer you could find to set up payments.
You assume everything is properly set up, including protecting your customers’ information.
I hate to tell ya this, but it probably isn’t.
Putting Your Dream Biz in the Hands of Sub-Par Developers is a Tightrope Walk on a Windy Day
Your customers are trusting that you’ve done due diligence to protect their credit card information, personal information—anything that you ask them to provide—when they engage in a transaction with you.
If you’re building an app from scratch and collecting sensitive information, there’s no guarantee that it’s being done right. Seeing a lock beside the URL doesn’t cut it. All that lock tells your customer is that their information is protected while it’s being transferred.
You need to ensure that their information is encrypted, transferred, read, encrypted again, and at times stored securely, too.
If you don’t, you’ve paid for an expensive VIP seat to the biggest, most emotional show you will ever see—your business going down in flames.
Not to Beat a Dead Horse, But…
If you plan on approaching investors for your company, one of the questions they’ll ask is:
What are you doing from a security standpoint?
And they’re going to dig in deeper—a lot deeper—to ensure you’re NOT a security risk to them.
Which leads us to a new conundrum. How can you ensure your developer knows what they’re doing?
You Know Your Developer is Pro When
Three things a pro developer knows (that an amateur developer doesn’t):
- That you have knowledge gaps
- To ask questions to ensure you’re making informed decisions
- What you need to ensure security for your customers and yourself
So how can you tell you’re working with a professional?
They’ll confidently answer your questions. They’ll also likely offer information to educate you on what’s going on, what to expect, and why.
They’ll be asking questions—about your business, your customers, your products, your systems—so that they have a solid understanding about your needs and can provide guidance suited to you.
They’ll be able to provide several options to secure sensitive info and be able to give recommendations that best suit your needs.
Three Questions to Ask Your Developer
You can also take it a step further by asking your developer these three questions:
- Is sensitive information being encrypted?
- Can the developer see the information? (The answer should be “no.”)
- How secure is the database? (For example, is access locked to specific IP addresses?)
If You’re Wavering, Ask Yourself This
When you’re building your dream business, do you really want to put something as important as security in the hands of a first timer because they’re the cheapest?
No? We can help.
Based on an excerpt from our BIZ/DEV podcast, Episode 45.