If you’re anything like me, you might keep an eye on food intake, track the occasional run, manage email and calendar tasks, or maybe even handle something as significant as retirement planning, all by using tools that are provided over the Internet.
Consider this — how many services do you use today that are based on a SaaS model of delivering software over the Internet? The number may surprise you — it definitely shocked me.
So, what exactly happens when you sign up for a SaaS product? You simply click to accept a Terms of Agreement, decide if you’ll pay monthly or annually (or not at all, in some cases), and voila, you now have a new service provider, vendor or marketer that has your information: personal, financial, or both. I understand this probably doesn’t really raise red flags for you because it’s become second nature.
However, as a security professional, I see the parts of this exchange where users have become unaware of what they are actually providing. This experience, new and normal to you, has become yet another avenue for things to go wrong: a data security threat or risk that could harm you, not necessarily physically, but socially, financially and mentally. What I want to bring forth is the notion of protection and safety, not paranoia. The rules of safety that we apply to our physical world should be applied equally and diligently to our cyber world.
1. Be Aware
The mantra to attaining digital nirvana. Bring yourself to the reality of what you are signing up for. What is the specific use-case or need this product will fulfill? What are we willing to give in return (payment, personal information, behavioral data)? Considering these things will bring powerful awareness to your every mouse click.
2. Do What You Know Best
Do you keep the doors or windows of your house open for anyone to come in? Or, inversely, why do you lock your doors and windows? You do this to keep the bad folks out, right? You should apply much the same principle to your online world.
3. Do A Little Research
4. Know Your Security Responsibility
SaaS business models are about efficiency and self-service in order to quickly provide you the means to an end. Depending on the business size, maturity and years of operation, the company may provide sophisticated methods of authenticating to their site. Ensure you follow these basic guidelines:
Keep your usernames and passwords safe by ensuring you do not use the same information for all accounts, or at least not for the key accounts that matter most. A strong password could be a long string of words, such as a favorite line from a song or book, or a random sentence that you make up, interjected with numbers and special characters. For example, “today will be a bright day” can be used as “T0day_W!ll_Be_@_Bright_D@y”.
Use 2-Step Authentication Whenever and Wherever it’s Offered
More and more companies are now addressing the need for security by giving users the ability to add another factor to the login process for strong authentication. This takes the form of adding a layer on top of the username and password: a security token, a secure text to a mobile phone (SMS) or even a fingerprint scanner. For software services you deem significant in terms of risk of harm, be sure to use two-factor authentication to protect your login from malicious hackers.
What’s your exit plan?
For more information on consumer protection and free resources, see http://consumer.ftc.gov