We live in a digital age where almost anything is possible at the touch of our fingertips. Even a mere 20-30 years ago, “cyber security” or “digital footprint” weren’t terms used in anyone’s daily vocab. Now, more than ever, there is a growing consciousness that our online identity and data needs to be protected. From the apps we use, the sites we visit and information we choose to share online – none of it is “safe”. We’re constantly seeing news articles saying how mega online giants are “selling” our data, or how our data is being used in ways we have no idea about. Netflix released a documentary called “The Social Dilemma” about your data and security that had gone viral and we don’t know about you – but it made us much more weary about what we put online.
In today’s article, we sit down for an interview with one of senior developers to discuss cyber security: how that pays into the building and coding of Event Temple, how users can better protect their online identities and what businesses should prioritize when it comes to security and protecting their client’s sensitive information.
Q: Hi Mike! Can you tell us what you do at Event Temple and how you handle security?
A: I’m the Lead Developer of the Core Team at Event Temple and I’m responsible for many aspects of security in the application: architecture, policy, planning and lots of coding. We take information security very seriously, especially client information, so we follow best practices and are generally defensive and proactive about data security. It is always a game of satisfying and balancing confidentiality, availability and integrity requirements.
Q: What is Cyber Security and why is it so important?
A: Cyber Security is a blanket term that generally refers to anything involving online security or privacy. With hacking attacks on the rise, it has never been more important to protect yourself online. Defense in depth is best, but any degree of protection is a great idea. It’s really important.
Q: Can you tell us a little bit about the cyber security policies and best practices Event Temple has in place?
A: Security engineering is always a priority when we are designing features or working on policies. Our general approach is to rely on reputable third-party services and minimize our own responsibilities. For example: we don’t want the liability or complexity of processing and storing credit card information, so we have integrated with Stripe in such a way that our servers never actually see the credit card information. No credit card numbers: no chance of losing those credit card numbers! But really there’s a very long list of security precautions and policies we follow to protect our clients’ information and our system.
Q: What are some things people should be aware of regarding security in today’s technological age?
A: There are new hacks and threats everyday: if you have a digital footprint at all, it is no longer a question of ‘if’ your data will be compromised, but ‘when’. The single best thing I could recommend is to use a password manager software and randomized passwords for all of your services. The next best thing I could recommend is to rotate/update your passwords regularly, in proportion to how often you use the service. With so many email lists being traded and posted, you don’t need to have a high profile to draw the attention of hackers and scammers: anyone can be targeted.
Q: What are some of the best practices people should adopt in terms of protecting themselves and their online data and information?
A: Other than using a password manager and rotating your passwords, I really recommend using fake names and/or entering the minimal amount of information necessary on all online profiles. Many times a website will request information that isn’t really necessary and could be personally identifying if the service’s data were ever breached.
Phishing emails are another thing to be aware of: scam emails impersonating services that are designed to steal your information. It is always worth skimming through the ‘Security’ settings in the apps you use: I recommend sharing the absolute minimum amount of information necessary.
Q: What are the most important things that hotels and businesses should be doing to protect their valued client’s sensitive information?
A: For businesses of any size, the best advice is to be proactive and seek external penetration testing/security auditing from qualified professionals. Often minor misconfigurations of network hardware can allow illicit access to your network, and getting and keeping everything in working order is always a fight against entropy. It only takes one compromised node to infect the network. Physical security and off-site data replication in the case of a disaster or emergency is another important consideration.