Data Security for Every Business: Stop Thinking You’re Too Small

In this episode, Aviral Bajpai, VP of Technology at Powerweave, explains why data security matters for every business, not just the big tech companies or banks you might expect.

What is the most common thing Aviral hears from prospects? “We don’t really have that kind of data to worry about security beyond basic logins and passwords.” Wrong. Dead wrong. 

Whether you’re manufacturing apparel, running an online store, or using an Excel sheet for procurement operations, your data could end up with competitors. Your customer transaction data could get sold on the dark web. Your entire reputation and revenue could disappear overnight.

What do most businesses get wrong?

  • Weak password policies (or worse, one shared password for all employees)
  • Outdated systems full of security holes
  • No malware scanning
  • Giving users way more access than they need

Aviral talks about the principle of minimal access. Users should only see what they absolutely need to do their jobs. If someone’s account gets hacked, you want to limit the damage.

The open source versus proprietary debate gets interesting. A lot of people worry about open source security, but it’s nearly impossible to build any modern system without open source components. 

Even Microsoft, traditionally proprietary, now has the highest contributions to open source repositories. The advantage? Thousands of security experts across the world are constantly finding and fixing vulnerabilities. Proprietary systems rely on a small internal team to catch everything.

Aviral walks through real attack examples that sound like movie plots but happen every day. 

  • SQL injection, where hackers run database queries to delete your entire user table.
  • Cross-site scripting, where malicious JavaScript gets embedded in your pages.
  • DDoS attacks, where millions of fake requests flood your servers until real customers can’t access your site, and you’re paying through the nose for all that fake traffic.

Powerweave’s approach? Firewalls; virtual private clouds, so databases aren’t publicly accessible; regular updates to WordPress themes and plugins; two-factor authentication; automated backups; intrusion detection systems; and PCI-compliant payment processing.

We use tools like Wordfence to prevent brute force attacks and monitor for suspicious activity.

AI is changing the game, too. Systems now detect anomalous login locations, unusual transaction patterns, or services running that shouldn’t be. You’ve probably experienced this: you make a purchase on a foreign site and get a call from your bank asking if it was really you. That’s AI-powered fraud detection working.

Watch the full episode to hear about distributed denial of service attacks in detail, why Mr. Robot is the best (and most depressing) show about cybersecurity, and how one phishing form can compromise an entire organization.
