Security and Privacy Checklist: What to Note When Signing Up for New Apps and Services
Thinking of installing an app or signing up for a new digital service? Be careful! Among the many companies out there that market apps and services, only a few take good care of your data. We’ve compiled 5 important features to look for when deciding whether or not to put your trust in an online company.
Make sure your data is encrypted in transit and at rest
Encryption may be one of the most important requirements for any online communication. Without encryption, anybody who manages to intercept or steal your data will be able to read it -- whether it be images, passwords, messages, or other sensitive information. According to Norton, hacking is “big business,” and your personal information is valuable.
Because encryption “[scrambles] your data so no one can understand what it says without a key,” any company that uses encryption in transit will greatly hamper cybercriminals’ ability to do anything with your data, even if they intercept it. Companies should also encrypt data at rest -- i.e., while that data sits in storage, such as on a hard drive.
Don’t let your data fall prey to hackers’ schemes! Make sure that the company uses encrypted connections (HTTPS, SSL, TLS, FTPS, etc.) for data in transit, and that they encrypt files at rest in their storage.
We know how important encryption is, so Searchable.ai uses encryption for all user data in transit and at rest. In fact, the entire Searchable.ai infrastructure is built with Amazon-grade security.
You'll also want to know how long your data stays in the system after such a request, which in most cases should be around 30 days. Any longer than that, and it’s time to ask yourself whether it’s worth it to sign up for a given service.
See if the service shares contact information
You’d be surprised how many companies out there don’t offer an easy way to get in touch with someone for help - eek! You might be familiar with the situation where you need to troubleshoot a problem you’re experiencing with an app...except the app’s publisher provides you with no way to contact its support team. Maybe it doesn’t even have a support team to begin with.
When evaluating an app or service that you want to sign up for, check if it provides a valid support email. If not, it should at least have a “Contact Us” page where you can submit a query.
Searchable.ai users can submit reports to firstname.lastname@example.org. We will investigate all reports and do our best to quickly fix valid issues.
Look for 3rd-party security certifications and reports
Companies that meet compliance standards are more likely to be trustworthy. In addition, security-minded companies should readily supply compliance reports when requested. So make sure to check if the app or service has been certified by independent third-party audits.
Third-party security assessments determine the level to which “service providers securely manage your data to protect the interests of your organization and the privacy of its clients.” They do this via 5 “trust service principles”: security, availability, processing integrity, confidentiality, and privacy. An app or service that puts effort into managing and protecting data would already have a SOC II certification, while one that does not (or that hesitates to show you its certification when asked) should be viewed with more caution.
Other assessments to look for include penetration testing (commonly called pen testing or ethical hacking), a “security exercise where cyber-security experts attempt to find and exploit vulnerabilities in a computer system” to identify weak areas in a system’s defenses. You should find out if a company does this for its app/service, and if you have access to those test results.
Searchable.ai has been certified by A-LIGN to be SOC II Type 1 compliant, and we are actively working towards achieving SOC II Type 2 compliance. We also regularly test for any weak spots in our system’s defenses.
Check if the company offers a Bug Bounty Program
A company can ensure that it stays ahead of unscrupulous hackers by offering “bug bounties” to individuals who discover security exploits and vulnerabilities. By offering financial or other incentives for people to test its systems and report back to it, the company can discover and fix bugs early enough to prevent criminals from abusing them.
Many high-profile companies like Google and Microsoft regularly host bug bounty programs. In fact, Google paid $6.7 million in bug bounty rewards to 662 researchers over the course of 2020 alone. If you want to know whether or not a company takes security seriously, check if it conducts bug bounty programs.
Searchable.ai has been consistently implementing bug bounties, which has helped us bolster our systems’ security.