Cyber Hygiene for Developers: Daily Security Practices to Prevent Breaches
https://techeconomy.ng/cyber-hygiene-for-developers-daily-security-practices-to-prevent-breaches/
Sat, 08 Mar 2025 10:27:35 +0000

Today, software development is a fast-paced environment. The need to ship features and meet deadlines often comes at the expense of security.

Unfortunately, as cyber threats evolve unpredictably, developers are now expected to build cyber hygiene into the way they think.

By cyber hygiene I mean the day-to-day practices that protect code, systems, and data from breaches. Just as good personal hygiene keeps an individual healthy, cyber hygiene ensures the health and security of the digital environments that we build and maintain.

Over the years, I have found that it is often these small, consistent practices that make a tremendous difference in properly securing information against vulnerabilities.

One of the most important practices of cyber hygiene is keeping software and its dependencies up to date.

Outdated libraries, frameworks, and tools constitute typical entry points for attackers. Routine updates to your source control and third-party packages shield you from known risks.

Tools such as Dependabot or Snyk, which notify you about updates and security patches, can automate this process.

For example, an outdated library proved to be a critical vulnerability on one of our projects. We started automating some dependency checks in our workflow in response to this kind of concern.

Good password management is another pillar of cyber hygiene. Weak or reused passwords pose excessive risks, especially for access to version control systems, cloud platforms, or development tools.

A password manager can significantly lessen this risk by generating strong, random passwords and storing them securely. Meanwhile, multi-factor authentication (MFA) further secures access and prevents unauthorised access even when the password might have been compromised.

Alongside that, secure coding practices are equally important. The fundamentals of secure code, such as input validation, data sanitisation, and avoiding hard-coded credentials, protect against attacks such as SQL injection or cross-site scripting (XSS).

For instance, in a recent project where we introduced input validation as a secure coding practice, we prevented an injection of malicious data that would otherwise have exploited vulnerabilities in our application. When developers embrace secure coding from the outset, it fortifies the system they build with security in mind.

Another crucial practice is regular backup. Data can be lost through accidental deletion, a ransomware attack, or hardware failure; the impact of such losses can easily be mitigated through a proper backup scheme.

It is always best practice to automate the backing up of all critical data to secure, safe, and offsite locations; this ensures that recovery post-incident can be done quickly.

I have seen so many teams lose days because of bad backups, a weakness that could have so easily been avoided by implementing a proper backup plan.

Monitoring and logging are equally important. Watching system logs and keeping track of unusual activity helps to identify possible breaches at an early stage.

Application Insights and the ELK Stack are great tools for gaining insight into system behaviour and security events. For instance, a sudden spike in failed logins may be a sign of a brute-force attack, and spotting it lets you react before any damage is done.
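An added example (not from the original article) of the failed-login check described above: a sliding-window count of failures per source address. The log format, field order, threshold and window are assumptions, and the sample lines are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample auth log. Assumed format: ISO timestamp, result, user, source IP.
# Lines are assumed to arrive in time order, as they would from a log tail.
SAMPLE_LOG = """\
2025-03-08T10:00:01 FAIL alice 203.0.113.7
2025-03-08T10:00:03 FAIL alice 203.0.113.7
2025-03-08T10:00:04 FAIL bob 198.51.100.4
2025-03-08T10:00:06 FAIL alice 203.0.113.7
2025-03-08T10:00:09 FAIL admin 203.0.113.7
2025-03-08T10:00:15 OK bob 198.51.100.4
2025-03-08T10:00:20 FAIL admin 203.0.113.7
2025-03-08T10:00:22 FAIL root 203.0.113.7
corrupted line
2025-03-08T10:05:00 FAIL carol 192.0.2.9
2025-03-08T10:09:00 FAIL carol 192.0.2.9
"""


def failed_login_spikes(lines, threshold=5, window_seconds=60):
    """Map each source IP to the time its failures first reached
    `threshold` within any `window_seconds` span."""
    recent = defaultdict(deque)   # source IP -> timestamps of recent failures
    alerts = {}
    for line in lines:
        parts = line.split()
        if len(parts) != 4:
            continue              # malformed line: skip rather than crash the monitor
        ts_raw, result, _user, src = parts
        if result != "FAIL":
            continue
        try:
            ts = datetime.fromisoformat(ts_raw)
        except ValueError:
            continue              # unparseable timestamp
        window = recent[src]
        window.append(ts)
        # Drop failures that have aged out of the window.
        while (ts - window[0]).total_seconds() > window_seconds:
            window.popleft()
        if len(window) >= threshold and src not in alerts:
            alerts[src] = ts      # record only the first crossing per source
    return alerts


if __name__ == "__main__":
    for src, when in failed_login_spikes(SAMPLE_LOG.splitlines()).items():
        print(f"ALERT {src}: failed-login spike at {when.isoformat()}")
```

Counting per source address keeps one user's mistyped password (198.51.100.4 here) from raising an alert, while the slow failures from 192.0.2.9 show why the window length matters as much as the threshold.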

Building a security culture among your team should be a very high priority. Cyber hygiene is by no means a solo endeavour; it is a collaborative one. Regular training, knowledge-sharing sessions, and security drills will keep everyone's awareness current.

Open discussions about possible risks and incidents help the team face emerging issues together, harmoniously and effectively.

Cyber hygiene means the day-to-day practices that shield the codebase, systems, and data from threats. Updates, passwords, secure coding, backups, monitoring, and a security culture are ways to enforce cyber hygiene, which in turn minimises the risk of breaches that developers must deal with.

Although small, these consistent practices are the foundation of a secure and resilient development culture, and the consequences are more pronounced in a world where we face threats almost every day.

After all, prevention is better than cure!

*Faith Sodipe is a forward-thinking Software Engineer with a passion for developing user-centric, secure, and scalable solutions. Expertise in Flutter for cross-platform mobile applications and .NET for backend systems is complemented by a Master’s degree in Cybersecurity. Faith excels in leading and collaborating within teams to transform visions into functional systems.

He is dedicated to using technology for social good, particularly at the intersection of human-centered design and AI, to make technology accessible and impactful for all.

Securing the Software Supply Chain: Addressing Vulnerabilities and Ensuring Integrity in Open Source Dependencies
https://techeconomy.ng/securing-the-software-supply-chain-addressing-vulnerabilities-and-ensuring-integrity-in-open-source-dependencies/
Sun, 16 Oct 2022 08:05:00 +0000

Article Written By: Patricia Akinkuade

In today’s technology world, reliance on open-source components has become a mixed blessing. While these components enable innovation and reduce development costs, they also introduce potential vulnerabilities that can jeopardise the security and integrity of software solutions.

As a Senior Software Developer renowned for my role in this domain, I have been at the forefront of addressing these difficulties.

With over years of experience, I have seen the intricacies of the software supply chain directly. I understand that the integration of open-source libraries and frameworks is indispensable for modern software development. However, I also recognise that this convenience comes with significant risks. My approach to securing the software supply chain is multifaceted, combining rigorous security practices with innovative solutions.

One of my favourite techniques entails conducting robust audits of open source dependencies.

By meticulously examining the source code of these components, I identify potential vulnerabilities that could be exploited by malicious actors. This proactive technique allows me to identify security issues before they can be leveraged in attacks.

My audits are not limited to the initial integration of open-source components; I ensure continuous monitoring and periodic reviews to keep up with new vulnerabilities and updates.

I advocate for the integration of advanced technologies to promote security of the software supply chain. I led the development and implementation of advanced dependency management tools that automatically detect and remediate vulnerabilities.

These tools leverage machine learning algorithms to analyse vast repositories of open-source code, providing real-time alerts and suggestions for secure alternatives. By automating these processes, I have significantly reduced the burden on developers, allowing them to focus on building robust and innovative software.

Another aspect I specialise in is promoting a culture of awareness within the development teams. I have further discussed the importance of training developers to notice and address security issues in open source dependencies. Through mediums such as seminars and hands-on experience, I have equipped my colleagues with the knowledge and skills necessary to secure their code effectively. My efforts have led to a noticeable improvement in the security posture of the projects I have been involved in, with fewer vulnerabilities making their way into production environments.

Beyond my technical contributions, I support increased collaboration and transparency within the open source community. I am deeply committed to open source projects, offering not only code but also security enhancements and best practices.

In a global world where cyber threats are becoming increasingly solid, my efforts to secure software supply chains are more crucial than ever.

My approach, consisting of intense audits, automated tools, community partnership and developer training, has set a new yardstick in addressing vulnerabilities in open source dependencies. As a Senior Software Developer, I am at the forefront of making sure the security and integrity of software products leave an enduring legacy in the industry, motivating others to emulate my journey.

Meet Patricia Akinkuade: 

Patricia Akinkuade is a seasoned software engineering specialist with a demonstrated history of impactful contributions in the manufacturing, oil, and fintech industries. Her technical proficiency spans an impressive array of technologies, including C#, VB, Microsoft SQL, TFS, Azure, Jira, Confluence, Blazor, Docker, Kubernetes, and .Net, amongst others. Patricia’s expertise in software engineering has consistently driven innovative solutions and enhanced operational efficiencies across various sectors. Her leadership in implementing data-driven strategies and cutting-edge technologies has positioned her as a pivotal force in digital transformation, ensuring robust and scalable software solutions that meet the dynamic needs of modern enterprises.
