Key cybersecurity risks to consider during custom apps and software development

Whatever type of app you’re getting developed — be it a sales tool to connect with your customers, software that streamlines internal operations for your employees or any other digital product — you should be having a cybersecurity conversation.

According to recent research, 35% of cyberattacks were traced to apps. And 43% of Android apps and 38% of iOS apps tested had high-risk vulnerabilities.

This is not a knock against apps — there are cybersecurity risks with all digital technology. And ultimately, 95% of security breaches are a result of human error, according to the World Economic Forum.

But companies and organizations still need to ensure their software is built with the right security protocols that will set their employees up for success.

Because the cost of a security breach can be devastating.

A 2019 Verizon study found that 69% of survey respondents would avoid a company that had experienced a data breach, and 29% would walk away from the company for good.

Do the math on your own user or customer base. If you lost almost 30% of them, what would that mean for your organization?

This is why it’s wise to start thinking about cybersecurity before your software or app is even launched, during the development process.

The two biggest security concerns most of our clients raise at the outset of a project are:

  1. Wanting to avoid data leaks. Keeping both your business and user data safe is critical. It’s table stakes for playing in the digital world and if you don’t do it, your business could be compromised, and your users could flee to competitors.
  2. Ensuring control of your own app/software. Robust cybersecurity is necessary to avoid a bad actor breaking into your app or platform, locking your business out and only handing it back after you turn over vast sums of ransom money.

To protect against these concerns, most of our development-related cybersecurity efforts focus on encryption, verification, and authentication.

App development protocols that help protect your data

  1. Here at Vog, we always store all our client data on a server (instead of locally). That means sensitive data doesn’t live on your users’ devices — which can create data vulnerabilities. This is an important first step to protecting data.
  2. Secondly, none of the data we store is in a form that’s readable by humans. If someone did somehow access your data, they would see a lot of binary data. Ones and zeros. They wouldn’t know whether it’s an image or a movie or an Excel file. It wouldn’t be usable to them at all.
  3. And then there’s encryption. Imagine a piece of critical, personal user data. We would separate that data into at least two parts – meaning that if someone does get access to it and then decodes it (by some miracle or incredible hacking skills), they still wouldn’t have usable information.
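
One way to do the split described in point 3, as an added example that is not Vog's code: the page does not say how the data is divided, so this assumes a two-share XOR split, and the function names and sample record are constructed for illustration. It also contrasts that split with simply cutting the record in half, which leaves readable fragments in each part.

```python
import secrets

# Constructed sample record, not real data.
SAMPLE_RECORD = b'{"name": "A. Sample", "postal_code": "T2P 0A1"}'


def split_record(record: bytes) -> tuple[bytes, bytes]:
    """Split into two shares; each share alone is statistically random."""
    # Share A: fresh CSPRNG bytes, generated per record and never reused.
    pad = secrets.token_bytes(len(record))
    # Share B: the record XORed with share A.
    masked = bytes(r ^ p for r, p in zip(record, pad))
    return pad, masked


def join_record(share_a: bytes, share_b: bytes) -> bytes:
    """Recombine both shares. No integrity check: tampering is not detected here."""
    if len(share_a) != len(share_b):
        raise ValueError("shares have different lengths and do not belong together")
    return bytes(a ^ b for a, b in zip(share_a, share_b))


def naive_halves(record: bytes) -> tuple[bytes, bytes]:
    """Anti-pattern for comparison: cut the record in the middle."""
    mid = len(record) // 2
    return record[:mid], record[mid:]


def leaks_plaintext(part: bytes, record: bytes, window: int = 6) -> bool:
    """True if any `window`-byte run of the record appears verbatim in `part`."""
    return any(record[i:i + window] in part
               for i in range(len(record) - window + 1))


if __name__ == "__main__":
    a, b = split_record(SAMPLE_RECORD)   # store a and b in separate systems
    print("xor shares leak:", leaks_plaintext(a, SAMPLE_RECORD),
          leaks_plaintext(b, SAMPLE_RECORD))
    first, second = naive_halves(SAMPLE_RECORD)
    print("naive halves leak:", leaks_plaintext(first, SAMPLE_RECORD),
          leaks_plaintext(second, SAMPLE_RECORD))
    print("recombined ok:", join_record(a, b) == SAMPLE_RECORD)
```

The shares only protect the record if they are stored and access-controlled separately, so that one compromised store does not yield both.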

It’s important to note that we’re not talking about end-to-end encryption here. While it’s very possible to achieve end-to-end encryption from a technical perspective, it’s extremely expensive. Because it means you need to control every aspect of data transfer and storage.

For example, Facebook claims to have end-to-end encryption, but Facebook employees have the ability to look at data. Which means, by definition, it’s not encrypted end-to-end.

For almost every client we work with — upwards of 99% — regular encryption is more than sufficient. Even your banking apps do not have (or require) end-to-end encryption. That’s how powerful the protocols noted above are.

The importance of two-factor authentication

In addition to the secure storage and encryption we embed in every app, we highly recommend organizations employ two-factor authentication, which requires, as the name suggests, two criteria to authenticate a user.

Potential authentication factors include things like usernames, passwords, postal codes, personal devices, etc.

Why is 2FA important? Because as mentioned before, the majority of data security breaches happen because a human makes a mistake (or in some cases purposefully leaks data). In fact, an alarming number of users – almost 25% – do nothing to protect their data.

That’s why we focus on doing everything we can to outfit apps with built-in protocols that are both as secure as necessary, and also encourage users to engage in good, safe online behaviour.

If your organization has software or an app in use right now, it might be worth getting a third party to do a security review, to see if there are any security holes you need to fill.

But the single best way to protect your data is to build it right the first time. If you’re looking to develop an app or custom software, we’ve got your security covered.

Have questions? Looking to get started on your digital product? Get in touch: