3. Encrypt Sensitive Data in Transit and at Rest

While strong encryption is important for protecting data traveling over the internet, it also needs to be applied to sensitive information stored on servers or databases within an organization. This includes any personally identifiable information (PII) that may have been collected from customers or employees as well as other business-critical data such as intellectual property and trade secrets.

tl;dr: Don’t forget about encrypting PII when securing APIs
https://t.co/dXTOxqXj8d