How a former prospective client is risking millions in GDPR fines.

I've seen some pretty special stuff.

If you roll your eyes every time GDPR appears, read this story and weep at the abysmal lack of common sense.

Last year, a prospective client asked us to review their app solution. We did an unpaid 10-minute presentation.

We wanted to work with them in the long run, so the 10 minutes was a gift to them.

One of the biggest issues was the lack of HTTPS for the app and its login page. You know the green padlock that appears on many websites these days? It was not there.

In Google Chrome and other web browsers, a warning message saying "Not Secure" appeared instead.

Without HTTPS, it is possible for someone to intercept the data as it travels across the internet, login passwords included.

When we presented this problem, they had no idea it existed. They said their developers had promised them it was secure. The owners are not technical; they trusted their provider to protect them.

Depending on the provider, corners are often cut. They said they'd get to the bottom of this and fix it. For budget reasons, we did not work with them long term and went our separate ways.

It is now July 2018. I spotted their name by chance.

When I checked their app login again, I saw they updated it. It looked modern and much better than the previous version.

But the security warning was still there, right at the top. No HTTPS. No security. No protection from bad guys.

These guys are looking to provide their app to large enterprise organisations.

This app is similar to the recently scandalised Cambridge Analytica service: it harvests millions of pieces of data from social networks across the world.

They are most likely at risk of GDPR violations on an epic scale, exposing at least hundreds of thousands of records of personal data. (We saw at least that much when we reviewed it.)

HTTPS is easy to put in place. If they can't achieve that, what other security holes exist? It would have cost in the region of £200 to fix this. Actually, it should have cost nothing to resolve: 10 minutes of labour time, if that.
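A quick way to confirm the fix described above is to check that a plain-HTTP request to the login page is redirected to HTTPS and that the HTTPS response sets HSTS. This is an added example, not code from the original post or from the client's system; the URL and header values in it are constructed.

```python
"""Check whether a login page enforces HTTPS (hypothetical checker)."""
import sys
from urllib.error import HTTPError
from urllib.parse import urlsplit
from urllib.request import HTTPRedirectHandler, Request, build_opener

REDIRECT_CODES = (301, 302, 307, 308)


def assess(scheme: str, status: int, headers: dict) -> dict:
    """Classify one response by the scheme it was requested over.

    http:  passes only if the server redirects to an https:// URL.
    https: passes if served (status < 400); also reports whether HSTS is set.
    Header names are matched case-insensitively.
    """
    h = {k.lower(): v for k, v in headers.items()}
    result = {"redirects_to_https": False, "hsts": False, "ok": False}
    if scheme == "http":
        target = urlsplit(h.get("location", "")).scheme
        result["redirects_to_https"] = status in REDIRECT_CODES and target == "https"
        result["ok"] = result["redirects_to_https"]  # a 200 here is the "Not Secure" case
    elif scheme == "https":
        hsts = h.get("strict-transport-security", "").lower()
        result["hsts"] = "max-age=" in hsts
        result["ok"] = status < 400
    return result


class _NoRedirect(HTTPRedirectHandler):
    # Returning None makes urlopen raise HTTPError on 3xx instead of following it,
    # so we can inspect the Location header ourselves.
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def fetch_and_assess(url: str) -> dict:
    """Fetch url once without following redirects, then classify the response."""
    scheme = urlsplit(url).scheme
    opener = build_opener(_NoRedirect())
    try:
        with opener.open(Request(url, method="GET"), timeout=10) as resp:
            return assess(scheme, resp.status, dict(resp.headers))
    except HTTPError as err:  # 3xx, 4xx and 5xx all land here
        return assess(scheme, err.code, dict(err.headers))


if __name__ == "__main__":
    # Usage: python check_https.py http://login.example.test/login  (constructed host)
    for target_url in sys.argv[1:]:
        print(target_url, fetch_and_assess(target_url))
```

Run it against both the http:// and https:// form of the login URL; a 200 over plain HTTP with no redirect is exactly the failing case the post describes.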

There are many issues surrounding GDPR. It is complex and rather scary. Yet if it were not for the cowboys abusing personal data and failing to protect it, we would not need it.

If you need a second opinion on your technology, come talk to us. And if we point out a gaping security hole, please fix it. Let's end this foolishness before the EU passes another complex law.

Breffni Potter

I get to help my clients achieve their goals every day, whether they want to grow their business or just want to use technology without stress.