November 25, 2017
If you ask most startup founders what they believe to be most essential to the success of a startup, they’d probably mention a growth-related metric. However, I disagree. I believe that security is the single most important factor every startup founder should consider. And I’m not alone.
The more we tend to rely on the internet for day-to-day activities and financial transactions, the more sophisticated hackers become. Unfortunately, startups are usually at the forefront of these attacks, as they are also the ones with the least recourses to protect themselves. Research shows that 43 percent of cyber attacks target small businesses and startups, and that 60 percent of startups that experience a cyber attack go out of business within six months.
No matter how great your strategy is or how rapid your growth is, it can be difficult to survive a security breach. The best thing to do is to work on prevention, and the following four steps will help you ensure your startup security:
Review Your BYOD Policy
Allowing employees to bring their own devices and access sensitive work-related files on their devices can be very appealing to startups. For one, BYOD is trendy and growing in popularity, and the more accommodating and flexible a startup is with employees, the easier it is to retain talent. Additionally, it saves costs in having to purchase computers and other devices since employees automatically carry out activities on their computers.
However, it is very important to be aware of the risks that comes with a BYOD policy. For one, the technology and security savvy of every employee is different, and just one employee with weak security could become a weak link that results in the whole startup being compromised. Just ask eBay — their famous hack in which 145 million user details was stolen was due to just three employees being compromised.
When you supply devices to employees, it can increase IT costs a bit, but you have more control over the security settings and can ensure adequate compliance. If you decide against having your own devices and prefer that employees use theirs, be sure to create a clear policy on how it can be used to access your server.
Ensure Internal Security
While a passionate employee that loves to get work done can be an asset, the same employee could pose great security risk. For example, if this employee leaves for work and suddenly remembers during their commute that an important job wasn’t done, they might simply connect to the WiFi in the bus and starts to work. That is all good, except most public WiFi networks are weak in security. And this action, although done out of passion for their work, poses a great risk to your startup.
If your employees are allowed to access your server outside of your company network, make sure they are properly educated about security best practices when using the Internet. For one, ensure they have a strong firewall in place. Secondly, encourage the use of VPNs, especially on public networks — VPNs create an encrypted tunnel through which their traffic is sent, making it practically impossible for anybody to see what they’re doing. PureVPN and HideMyAss are some of the more popular VPN options.
Enable Multi-Party Authorization
Very few startups (or even major corporations) have multi-party authorization enabled for accessing key sections of their server. This can be a very costly mistake. News made the rounds in 2013 of a HostGator employee who was arrested after it was found out that he installed a backdoor on more than 2,700 HostGator servers. And he was just a medium-level administrator!
Even more, he wasn’t caught until he was dismissed. This could have been prevented if two or three people had to authorize sensitive actions about to be performed on the network by an employee. If you don’t have multi-party authorization enabled, it is a good idea to work on it immediately.
Insure Your Startup
As the Internet continues to become more of a global force, and hackers keep trying to make it more of their playing field, more insurance options are being introduced to protect business owners in the case that they get hacked.
Don’t assume that your standard insurance coverage will protect you in case you are hacked. It most likely won’t. However, there are cyber insurance programs dedicated to this. So check with your insurance company to see if they have a cyber insurance program.
Read more about the importance of cyber security on TechCo
Did you like this article?
Get more delivered to your inbox just like it!