Automation doesn’t lead to laziness, at least when it comes to security. Everyone (or everyone we like) wants a better, more secure web. You’re definitely aware of the need to prevent malicious attacks and data breaches, but unless you have a security expert on your team, you’re not very likely to have the knowledge, the time, or the resources to get out in front of your security.

So how do you go from being reactive to being preventive? We spoke with one of our customers, John Mick, of Stockholm-based web agency Afonso, about how they made security a habit – and about what happened next.

When did you realize that security was important for your business? Were there any disasters or close calls?
We’ve been thinking about security for some time, that we should be more strategic with it. We’ve had situations where old sites have been hacked. I’d seen an article on Hacker News about Detectify a couple of years ago, and when one of our sites got hacked last spring, I decided it was time to try it.

As soon as I did, the first scan found the problem area and I was able to fix it quickly. Since then, we’ve integrated Detectify into the ongoing work for all of our clients.

What impact has security had on your organisation?
It’s changed the way we work in the sense that now we have a forward-planning approach to it. We’re able to fix issues before they become a problem, and it’s become a natural part of the dialogue with our clients.

I’ve been able to relax and rely on Detectify to find the problem areas so I can act on them quickly.

What has changed since you started building security into your team’s workflow?
Bringing in Detectify to our daily routine has really raised our knowledge base within the area, and it’s come to the point where we’ve started to guess where we’ll have security holes.

Security as a topic has become a lot more evident in our daily work, and I assume in the near future it will be even more structured, and part of our sprint planning.

What’s been the best benefit of regular security scanning?
The biggest advantage has been that with Detectify’s findings as a backup, we’ve been able to show internally and externally that security is something you need to work with continuously. And you have to take a proactive approach.

Can we ask you what your favorite feature is?

If I have to choose, I’d say it’s that Detectify looks at subdomains, and is able to find parts of the site we might have forgotten about.

Read our blog post about why agencies should work with security and how adding security to your offer will make you stay relevant while increasing revenue and customer loyalty.

Posted by Charlie