The eternal topic: security!

We constantly remind our clients about security. But why do we do this, and why is it so important that you act quickly?

The website is up and running and getting lots of visitors. The attractive shop was completely redesigned just a year ago and clients are showing keen interest – everything is great! And yet, the agency is back on the doorstep talking about urgently needed updates.

Why, when everything is working fine? The agency says: Yes, but...

Internet security is an issue that should be on your agenda even if you don't work with customer data. But what does that actually mean?

Updates

Software keeps evolving, new security gaps are found and fixed with updates, and new features are added. Updates are a totally normal part of every system's life cycle. So, we can't say it enough: updates, updates, updates—all the time, not too early, and definitely not too late!

Too early?

Yeah, that happens.

You don't have to adopt every new version immediately—our developers check everything and only give the go-ahead when they are sure that any teething problems have been ironed out.

Too late?

Unfortunately, that happens far too quickly. If you wait too long, the update becomes more and more complex. At some point, you may not even want to tackle it anymore, and then you're stuck with a shop where nothing is secure anymore.

What does this look like in the real world?

That depends on your system. But let's take a simple example: You have a website with a shop system. Your clients find you on the internet. Let's imagine this as a building.

  1. The server has a basic framework, a foundation. This holds up the surface on which your site and shop are built. The framework has connection points and access points, all of which are helpful and useful, but also need to be secured.
  2. Your website and your shop are located on the surface. They also have a foundation and framework that need to be maintained, and they have doors and windows where the locks need to be reinforced from time to time. Perhaps you also use extensions and plugins (to stay with the metaphor: a large shop window or a beautifully designed terrace), which also need to be secured.

In summary:

In order for your clients to see the site, a whole lot of systems are built on top of each other, and each one needs to be maintained. If you cut corners here, you are offering potential attackers a way into the system.

When we offer you updates, we don't do it for fun. Please let us help you.

Handle secure data securely

This may sound trite and you've probably heard it too many times, but: data security and password security, both online and offline.

Your clients' passwords and data

  1. Secure storage means encrypted storage. This should be the absolute minimum standard, but unfortunately it often isn't in older systems. Is this the case for you? Find out – we're happy to help.
  2. Do not store customer files anywhere unsecured. Once someone has access, your data is on a silver platter.
  3. Observe storage periods! The GDPR stipulates which data may and must be stored and how.

Passwords and data of your employees

  1. Please use secure passwords. 12345 is just as outdated as qwert, mandarin, god, and password.
  2. Change passwords regularly.
  3. Don't write down passwords. No, not even the password for the office computer. And definitely not on a piece of paper that's left on your desk, hidden under the keyboard, or stuck to the screen.
  4. Change passwords when someone leaves the company. All of them? Yes, all of them. This also fulfills point 2 once again.

Our tip: Use a password manager and set internal standards that everyone adheres to. We're happy to help!

Don't follow the example of German teenage drug lord “Shiny Flakes,” whose computer would have been virtually unhackable—if the police hadn't found his password in the trash. And of course, you shouldn't deal drugs either.

What could possibly happen?

We hear this question from time to time.

The answer: a whole lot.

For example, attackers can copy your customer data. This happened in 2018 to the children's chat portal knuddels.de – and some of the data was stored unencrypted. Such access must be reported, and the data protection authority will then take action, imposing penalties of several tens of thousands of euros.

In the case of knuddels.de, the fine was €20,000, which was low because the company cooperated. Together with improvements to IT security measures, the costs ran into six figures.

Your clients must also be informed about what happened to their data. If credit card or account details have been compromised, they must have the opportunity to take action. This will inevitably cause fear, worry, and annoyance. If damage has been caused, they also have the option of claiming compensation.

Apart from the significant costs, a data leak also costs you something else: the trust of your clients. Nobody wants their address, account number, credit card details, and name distributed online. It's bad enough when it happens, but imagine if it comes out that the leak could have been avoided, that the data was stored insecurely, and that the whole mess was actually your fault. Now you have clients who will rightly never say a good word about you again – and who may also vent their displeasure online.

What might that look like?

Here is an example. The video is very technical, but if you are not interested in the details, the key takeaway is this: it takes the hacker ten minutes to obtain the admin password for his example site. And if he did not take the time to explain his actions, it would probably take even less time.

https://www.youtube.com/watch?v=WXQDruIyPGE

What can I do now?

Do you have a system that you are unsure about? Get in touch with us! Together, we will develop a security concept, update your software, and find the most secure and simplest solutions.
