Understand the privacy policies before developing your next software.
Every information about user behavior that we consider insignificant, can help companies earn millions of dollars. For example, social media websites show us content based on our interests and actions.
So as software developers it is our duty to keep in mind the privacy of the users as mismanaging them can cause a lot of harm to the user.
- Information about the data being collected like personal information
- It should contain if the user location is been fetched.
- It should contain information regarding the security measures which are followed to secure user data.
- Information about the owner of the website/application
- Most importantly, the effective date of that particular policy.
Recent data breach
So here are some of the data breach which happened in recent years.
- Microsoft (December 2019): https://msrc-blog.microsoft.com/2020/01/22/access-misconfiguration-for-customer-support-database/
- Wattapad (December 2020): https://support.wattpad.com/hc/en-us/articles/360046241911-Statement-Regarding-Recent-Security-Issue-
- Bluekai Oracle: https://www.forbes.com/sites/jessedamiani/2020/06/19/oracles-bluekai-spilled-billions-of-records-of-web-tracking-data/?sh=49ef19a82c47
So from these data breaches what we can learn, many times even after following best practices you might have unknowingly missed some security measures which could lead to the data breach. So it is always better to spend some time firstly sharing with users what you are fetching from them and secondly to understand about the security measures you could take.
Points to keep in mind while as a Software Developer
Tell the user what application is fetching
- User name
- Email id
- Credit card information
- Bank information etc
Store all the important value in an encrypted form, although firstly your database server should be secure enough that no one in their wild dream can get into it and fetch your data.
But just to be double sure store your credentials in encrypted form, the reason being even if someone is able to get the data, they cannot understand anything out of the data.
Most of the big organization has faced that the data got breached. This can cost you your reputation.
Take only relevant data
So there is always a greed for getting maximum information from the user, due to the growing age of machine learning and artificial intelligence. More data feed to a machine learning model it will provide much better results.
But users have become more aware of the need to safeguard their data, try to fetch only that much data that is required for your project to run smoothly. Later if you feel that more data is needed, don't forget to let the user know about it before fetching the required data.
Almost every cloud service provider has the option to apply the network policy to allow requests to the server. This policy includes allowing requests from limited IP/opening limited ports which can put a check on unauthorized access to the servers.
Avoid opening all the ports to access the server, it is like leaving a car with a key, and expecting no one will steal it, this will make your life difficult.
Once you have applied network policy, authentication would be another way that can help you in securing your system.
So let's assume somebody has got access to your system, if your database will have authentication in place it would be an extra layer of security. This will prevent the hacker to get access to the database directly.
It is also recommended to run the database on some other port than its default port as it will not make it very obvious to guess the default port.
So privacy policies are meant to inform the users, that what data is been collected/processed so that users know what information they are sharing with you.
- Always try to cover each and every aspect of how you are planning to use the data.
- If you are passing the data to any 3rd party API, do mention that as well. Be 100% sure about the modules/packages you are using since sometimes these could also be responsible for leaking the data.
- Authenticate the database and encrypt important information that will be stored in your database.
Before launching your application for production always have a security check since after the launch the application would be open to the world. Safeguarding your application would be your duty.
If you like the video version more than the text you can go through the following video