Welcome to our latest FAQ Friday, where industry experts answer your burning technology and startup questions. We’ve gathered Minnesota authorities on topics from software development to accounting to talent acquisition and everything in between. Check in each week, and submit your questions here.
This week’s FAQ Friday is sponsored by The Jed Mahonis Group. The Jed Mahonis Group helps businesses strategize, design, develop, and deploy custom iOS and Android mobile applications. The company has partnered with many startups and large brands over the years to deliver software that is used by millions of people around the world, including companies such as Great Clips, Green Mill, VSI Labs, and Kwikly.
Meet Our FAQ Expert
Tim Bornholdt, Partner at The Jed Mahonis Group | @timbornholdt
Tim got his start in web development in the first grade, so he’s been building websites and apps for more than 20 years. In addition to being an accomplished software developer, Tim is also an award-winning videographer and podcaster. He currently edits the C Tolle Run podcast hosted by Olympian Carrie Tollefson, and he hosts the Constant Variables podcast where he breaks down complex mobile app development topics for entrepreneurs and product managers.
This Week’s FAQ Topic – Security
What is social engineering and how can it negatively impact my business?
During this isolating time of social distancing, a growing boredom buster on Facebook are “listicles” which are seemingly harmless lists of questions and answers to get to know your friends better.
While some of these lists are indeed harmless, it’s important to be aware that others have ulterior motives. Take a look at the list below:
- What’s your first pet’s name?
- What street did you first live on?
- What’s your mother’s maiden name?
- What was your favorite grade schoolteacher’s name?
- What was the make of your first car?
These were questions asked in a Facebook listicle that we saw the other day. These are also the same questions that are used as “security questions” to many of your online accounts.
When you forget your password, the answers to these questions give you access to your online bank account, email account, social media profiles, and so forth.
If someone were interested in hacking your account, the first thing they would do is look at your social media history and try to find the answers to these questions.
There’s a phrase for this security concept: social engineering.
Social engineering isn’t only rampant in our personal lives: it is how many of the business world’s major security breaches of the past several years were pulled off. Businesses who train their employees to be aware of it stand a better chance of keeping their business secure. Learn more here.
Can a mobile app be hacked?
Short answer: yes. There is no such thing as a “hack-proof” app.
Your app needs to have a strategy around how to keep its data safe. Not every system makes sense for every app, but every app can stand to do a few basic things to keep the information in ship shape:
- Make security a priority from Day 1.
- Encrypt everything.
- Sanitize and filter user content.
- Use unique passwords everywhere.
- Use IP whitelisting.
- Use 3rd party dependencies sparingly.
- Implement system frameworks.
- Think like an attacker.
- Keep your system up to date.
- Train your team to be aware of social engineering.
Long answer: For a breakdown of each of these steps, along with what to do if your app does get hacked, check out this article on How to Keep Your Mobile App Secure.
Still have questions? Ask Tim and The Jed Mahonis Group team questions on success by failure and more on Twitter at @timbornholdt.