Start-Up Secure. Chris Castaldo

Читать онлайн книгу.

Start-Up Secure - Chris Castaldo


Скачать книгу
the Internet. For example, if someone was able to intercept that email when it leaves your email provider's servers they could read the entire contents. For many start-ups, it is not feasible to build and maintain their own email server, so they rely on services like Google Workspace (formally G Suite)1 or Microsoft O365.

      It is important to establish an enterprise-level email account once you register your company domain name. Operating from your personal Gmail, Live, Hotmail, or iCloud email limits the security controls you can place around your account, and does not lend to the credibility of your start-up.

      It is critical to understand the difference between free and paid versions of the same product as well as to read through the terms of service. Most of these platforms encrypt data when it travels over the Internet but may not store it in an encrypted state. The ability to scroll back to the very first message is convenient but also comes at a risk cost of that data being stored somewhere, possibly encrypted. And if that service provider suffers a data breach, it could reveal your chat logs. If it is critical to have total confidentiality and integrity over the messages or data you need to share, then don't use chat platforms.

      Every year in those reports, the compromise of usernames and passwords are at the top of the list of initial causes of those data breaches. You should treat your usernames and passwords (i.e., credentials) as you would your new amazing start-up intellectual property. Protect them at all costs. Many of the services I discuss in this book provide extra layers of security you can enable called multi-factor authentication (MFA).

      The use of MFA is a business requirement today and can drastically reduce, if not eliminate, the possibility of someone that has stolen or guessed your credentials from logging into your account. There are various forms that MFA can come in; a text message is one of the most popular capabilities. However, as we have already discussed, text messages can be insecure.

      Multi-factor authentication requires you to enter an additional piece of information when you log in with your credentials. You might even already use a feature like this with your bank where you receive a code via text message that you have to enter to complete the login process. While not all services you use will have this capability, you should enable it immediately, especially if you are like 80% of users that reuse passwords across many sites.

Photo depicts Yubikey Product Line.

      Source: https://www.yubico.com

Photo depicts Google Titan Security Keys.

      Source: https://cloud.google.com


Скачать книгу