Founders in healthcare have a common worry: "How can I ensure that my users' data is protected against breaches and unauthorized access?"
Here are a few basic hygiene tips to ensure you're covered:
Tip 1: Ensure you have encrypted all of your PII (Personally Identifiable Information) like names, emails, and phone numbers.
For data at rest in the database: use AES-256 encryption.
For data in transit (travelling to and from your APIs): use TLS.
Tip 2: Ensure all of your API endpoints are secured.
Here are a few ways to check:
Does the API have authentication implemented?
Does the API have a rate limit enabled?
Does the API have HTTPS implemented?
Have you restricted the API to be called only from your product's domain?
This list isn't exhaustive, but a lot of the code we get from other agencies doesn't even have these basics implemented.
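The four checks above, turned into a small offline checklist evaluator. This is an added example, not code from the original post: the Probe record (what you observe when calling your own endpoint once without credentials and once in a short burst) and the two sample probes are constructed for illustration.

```python
"""Evaluates a recorded endpoint probe against the four Tip 2 checks.
Added example, not code from the original post; the Probe format and the
two sample probes are constructed for illustration."""
from dataclasses import dataclass, field


@dataclass
class Probe:
    url: str                                   # endpoint that was called
    unauth_status: int                         # status for a request with no credentials
    burst_statuses: list = field(default_factory=list)  # statuses seen during a short burst
    headers: dict = field(default_factory=dict)         # response headers from the probe

def _header(headers, name):
    """Case-insensitive lookup, since HTTP header names are not case-sensitive."""
    return next((v for k, v in headers.items() if k.lower() == name.lower()), None)

def audit_endpoint(probe, product_origin):
    """Return {check_name: passed} for the four hygiene checks."""
    acao = _header(probe.headers, "Access-Control-Allow-Origin")
    return {
        # 1. Authentication: an anonymous call must be rejected, not served.
        "authentication": probe.unauth_status in (401, 403),
        # 2. Rate limit: a 429 during the burst is the real proof; limit headers are a weaker hint.
        "rate_limit": 429 in probe.burst_statuses
        or any(_header(probe.headers, h) for h in ("RateLimit-Limit", "X-RateLimit-Limit")),
        # 3. HTTPS: https scheme plus HSTS, so browsers refuse to downgrade to http.
        "https": probe.url.lower().startswith("https://")
        and _header(probe.headers, "Strict-Transport-Security") is not None,
        # 4. Origin restriction: no wildcard CORS; header absent or exactly our origin passes.
        "origin_restricted": acao is None or acao.lower() == product_origin.lower(),
    }

def failed_checks(probe, product_origin):
    """Names of the checks the endpoint fails, in checklist order."""
    return [name for name, ok in audit_endpoint(probe, product_origin).items() if not ok]

# Constructed samples: an endpoint as often delivered, and the same one after hardening.
WEAK = Probe("http://api.example.test/patients", 200, [200] * 50,
             {"Access-Control-Allow-Origin": "*"})
HARDENED = Probe("https://api.example.test/patients", 401, [401] * 20 + [429] * 30,
                 {"Strict-Transport-Security": "max-age=31536000", "RateLimit-Limit": "20",
                  "Access-Control-Allow-Origin": "https://app.example.test"})

if __name__ == "__main__":
    for label, probe in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, "fails:", failed_checks(probe, "https://app.example.test") or "none")
```

Presence of a rate-limit header only shows the limiter is configured; the 429 seen in the burst is what proves it is enforced.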
When was the last time you had an Audit?
We build custom health tech solutions for a living.
Check out our Pharma Company Software Audit.
Run a pharma company or manage its IT? Check the list of software needed and the problems associated with it.