Sunday, November 17, 2024
Google search engine
HomeGuest BlogsSaaS Security: A Checklist by 2Slash Co-Founder Itay Forer by Roberto Popolizio

SaaS Security: A Checklist by 2Slash Co-Founder Itay Forer by Roberto Popolizio

Roberto Popolizio
Roberto Popolizio

Updated on: October 29, 2024

No company is immune from cyber threats, regardless of size or industry. In this interview series by Safety Detectives, I speak with leaders outside the cybersecurity sphere who have faced these challenges head-on. From data breaches to navigating strict privacy laws, they reveal hard-earned lessons on protecting their customers and businesses. If you’re looking for practical, actionable advice to safeguard your company—and avoid costly mistakes—you don’t want to miss this.

Itay Forer is a serial startup entrepreneur, mentor, and creator with over 15 years of experience. He is the co-founder of 2Slash, an AI-powered writing assistant that enhances productivity in online writing tasks such as emails, social media posts, and blogs. Apart from 2slash, Forer has also bootstrapped a startup into a multi-million-dollar venture backed by Y Combinator and mentored numerous founders in the B2C & B2B software sector, where he has developed various SaaS products.

What problems does your company solve, and for whom? Can you share your numbers in terms of revenue, customers, and team?

We solve the productivity problem. Many people dive deep into AI, but there are too many tools and too many things to do. Sometimes, you just need AI to serve a function and get results quickly. For tasks like writing, summarizing, or working online, especially in the writing space, you don’t need a long, complicated process or communication with various tools.

What we provide is a solution that lets you use AI wherever you are. You can set up pre-written prompts that give you instant answers, saving time. If the quality is good, you save more time compared to using other tools that might require multiple exchanges for a simple result.

Our target customers are mainly marketers, solopreneurs, or entrepreneurs who need fast results and have a lot on their plate. It’s less suited for people just exploring AI tools. We currently have thousands of users from the U.S., Europe, Israel, and other countries. Our team consists of three founders and three additional members.

Is there a particular event that changed your perspective on the importance of cybersecurity or privacy? Can you share that story with us?

Running multiple businesses, I’ve faced several incidents where people tried to break into our platforms—not necessarily 2slash—for various reasons like accessing data or using our servers.

There was one time when a partner and I got into a competitor’s system just for fun. We didn’t do anything with the data we found, but it showed me that the biggest threat is often human, not software. My partner mimicked the behavior of one of the users and got in easily. That’s when I realized that humans are the weakest link.

Security isn’t just about software; it’s about training employees to follow certain protocols. The world is global now, and many people work remotely on their own devices. Training people is critical because most threats come from human error.

What steps have you taken to train your teams on cybersecurity best practices and improve security awareness?

We limit admin access to only those who truly need it. Not everyone requires full access, so we reduce the number of people who can interact with the backend. We also follow guidelines to protect the company in case something happens. We keep backups and have internal procedures for dealing with problems, with steps in place for handling different situations.

Building a system with multiple layers, rather than one point of failure, is key. This approach helps us train employees and ensure they understand the importance of these practices.

How do you manage cybersecurity for your customers and internal operations right now, and how do you balance cybersecurity spending with other priorities?

Our tool doesn’t save any customer’s information. It’s purely a front-end operation. You get the information you need, copy it, and move on. We don’t store anything. This privacy-focused approach helps protect customer data.

Balancing cybersecurity spending depends on your business. It’s about understanding where the risks are and building the right infrastructure from the start:

  • If your platform connects people but doesn’t store much information, there’s less risk.
  • If your business handles a lot of sensitive customer data, you need to invest more in security.

Hiring people with experience in security, even if they aren’t specialists, is important so that security is considered from the beginning.

What’s your experience with outsourcing cybersecurity versus handling things in-house? What would you suggest to other companies of your size?

It’s worth hiring a consultant or getting advice on the best software to use. Every business needs to protect different parts—whether it’s the database, website, or app. Each part requires different expertise. If your team lacks that expertise, you want someone with experience to lay out your options and help you choose the best path based on your niche and the threats you face.

How do you handle your personal cybersecurity and online privacy? What practices or tools do you use?

I try to avoid using too many tools and keep things separated. If I use a tool for one purpose, I don’t connect it to my main accounts. I also use VPNs and store important data on external hard drives, so I can reboot my computer if needed without losing anything.

I use Dashlane to keep my passwords secure and change them regularly. It costs about $120 a year, but I find it worth the investment to avoid reusing or forgetting passwords.

What regulatory requirements around data protection and privacy have impacted your business, and how? How have you adapted?

Initially, I focused more on what made customers feel comfortable. But over time, I realized the importance of complying with basic regulations because people often forget about them otherwise. These regulations push you to go through necessary processes that you should be following anyway.

While I’m not a big fan of regulations that feel like being forced on you, they do have benefits. They help customers feel more secure and push companies to prioritize security.

Do you foresee any changes in technology and laws that may impact the way you do business in the coming years? How are you preparing for these changes?

Yes, especially with AI. Many AI tools require a lot of information and trust in the system. If you don’t build it correctly and keep things separate in your platform, it can become a big threat.

APIs, whether from small or big tools, introduce risks if they aren’t handled properly. The key is to build systems that separate what’s necessary and avoid unnecessary connections. That’s how we prepare for future challenges.

How can people connect with you?

LinkedIn: https://www.linkedin.com/in/itayforer/

X: https://twitter.com/itayforer

RELATED ARTICLES

Most Popular

Recent Comments