July 13, 2019
Is security a PM’s problem?
I know, developers will handle it, right?
We use cloud services from AWS, so we’re cool. We use someone else’s secured payment gateway and we pay money for those services, so they’ve got it covered.
We’re just a startup, who’s going to want to hack us? Sound familiar?
As product managers, we have to spend time on security. A well-planned and well-developed product should also be safeguarded from hackers. Your product is at risk, user data is at risk, and you will lose potential investors who might be interested in investing in your startup. Strengthening your digital defenses doesn’t generate revenue, nor is it noticed by your users. Yet, it’s still a PM’s problem. Yes, you have to worry about cybersecurity, too.
Why does it matter?
Your loyal users trust your product. We will be handling their personal information, financial data, photos, term papers, contracts and all kinds of sensitive materials shared between two individuals or a group of individuals. There’s an expectation of privacy and protection. Moreover, there are plenty of laws and regulations to back that up.
When we talk about the customer journey, it must, unfortunately, include these kinds of events. Users will always blame your company and not the hackers or subcontractors who might ultimately be responsible.
A good example would be Code Spaces, which had to shutter the company after massive amounts of its data were wiped out in a hack.
How to plan cybersecurity on your roadmap?
It’s time to make security a priority.
But how can you build features and functionality for things no one will ever see or benefit from?
Security means time, money, and resources taken away from adding regular features to the product or improving the experience. Yet none of those amazing features will matter if someone hacks your data and customers stop using the product.
Third-party software vendors
When integrating with other products, make sure you don’t expose users’ personal information, for example by giving access to user images, contact details, payment information, etc. Before working with any third-party software, have your tech team check it thoroughly for any unknown bugs or access.
Do the paperwork: go for a CSA STAR or ISO 27001 badge of approval. It gives the tech team something to rally around instead of relying on a vague understanding of what’s important and what’s not.
Make it a selling point:
If you’re investing in security improvements and going the extra mile to keep user data safe, then let everyone know. It should be a standard part of your pitch, particularly in the B2B, B2E, and B2G markets. Backup and data recovery plans are a must and can now be part of service level agreements, too.