SafetyDetectives spoke with Andrew Sharapo, CTO and Co-Founder of Uinno, about keeping up with the latest advancements in cybersecurity, the challenges involved in creating custom software, tips for securing your network, and more.
Can you talk about your background and what motivated you to co-found Uinno?
I got interested in programming (Basic, Pascal) at school. Then I received specialized education and began working in various web development companies. My expertise and skills grew, and so did my position. Still, there were some things in those IT companies that I did not like and could not influence in any way. Therefore, my partners and I decided to establish a product development agency that would be the most consistent with our vision of how to do it right.
What are some of the flagship services offered by Uinno?
Our main focus is to deliver a software product that best reaches the client’s goals and satisfies the end users’ needs. For that, we provide discovery phase and MVP development services, solution design and UI/UX design services, web application and mobile app development services, code audit and technology consulting, AI/ML, and Blockchain Web3 development services. Still, we are not limited by any technology or engineering approach. Therefore, any custom request can be turned into a world-famous product using the best-fitting tech.
How do you keep your organization and technology team informed and up-to-date with the latest advancements in cybersecurity?
Our whole team is constantly focused on learning and training new skills. Besides taking special courses, we share useful information with each other, read and discuss specialized security web portals like Safety Detectives, attend thematic conferences (although it’s pretty hard lately for reasons beyond our control), and test cybersecurity theories in practice.
What are some of the challenges involved in creating custom software for various businesses and industries?
The most difficult thing is to dive into the business industry to create a truly successful product. Our solution here is the closest possible cooperation with the client, who we treat as an invaluable expert and visionary in the particular domain.
In terms of security, we only take on projects in industries where our knowledge and experience are sufficient (for example, GDPR & PCI DSS in fintech) and do not take on projects where we do not have sufficient expertise (HIPAA in healthcare).
In your opinion, what do you see as the most significant threat to organizations in terms of cybersecurity and what measures do you take to protect against such threats?
Most often, the biggest problem and vulnerability are humans. Therefore, you need to:
Try to eliminate the human factor. For example, Amazon AWS allows you to enable the Force MFA (multi-factor authentication) policy when creating a user, and the user will not be able to work with the service without connecting the application for generating TOTP. If it is possible to automate the OS/software update, it is better to do it, rather than hoping that the person responsible for this will not forget to update an important host.
Develop corporate security standards and conduct training/clarifications for employees. For example, you can emphasize that it is always preferable to use MFA, even if the service does not require it. Likewise, staff should be aware that passwords need to be stored and transmitted using special software, and not via a messenger.
Keep all software up to date.
Do you have tips or advice for our readers on the best practices to secure their network from hackers?
It is very difficult to give universal advice. Perhaps, the simplest way to secure your network is to always install updates of OS/software/firmware on routers and other network equipment. Use long passwords. Btw, long doesn’t mean complex.
Enable only those protocols, and open only those ports that you use. It’s not a good idea to keep SSH open on a machine you only use locally for “just in case”.