Social media startups are full of energy and desperate to push their product to market. In this haste, basic security protocols are often overlooked. Snapchat has had many security flaws, and several Tor router projects were sunk by poor security. Because of this poor security, startups may have made themselves targets, according to The New York Times‘ Bits blog.
Since the compromised system was first discovered, we have been working 24 hours per day to methodically examine, rebuild and test each component of our system to ensure that it is safe. We are collaborating with outside experts to cross-check assumptions and ensure that we are meticulous in our approach.
The blog also notes that the company will require all employees to terminate their sessions when done, and that two-factor authentication is on the way for users. This begs the question: Why was Slack not employing these practices from the start? Tripp Jones, a general partner at venture-capital firm August Capital, told Bits:
When a company reaches a certain size or notoriety, it’s going to get hacked. Unfortunately, until someone comes up with a better way, the battle has shifted to identification, containment and damage mitigation.
As startups seem to repeat the mistakes of their predecessors, it becomes clear that security only becomes a pressing concern once a serious problem presents itself. But even when a problem does present, the investment dollars don’t stop and the user bases continue to grow despite security concerns.
This indicates that companies — startups in particular — are not nearly serious enough about protecting the personally identifiable information of their users. 2014 was a terrible year for breaches, but it doesn’t appear that many lessons have been learned. Despite using encryption and likely doing their best to protect users, it doesn’t seem to be enough for Slack.
Cyberattacks are ever-increasing, and hackers are displaying increased sophistication. Indeed, startups can’t wait for a problem to occur before they take action. Ideally, proactive defensive security procedures need to be in place before a startup launches their product. Hackers will always go for the weakest systems first, and it seems like there are many of those in the startup world.
Image courtesy of Shutterstock.