Cybersecurity Advice For Startups
Startups are especially vulnerable to any financial shocks, including those caused by organized criminal cyberattacks.
Startup companies are especially vulnerable to financial shocks: roughly 60% of small to medium-sized businesses that experience a data breach go out of business within 6 months. Therefore, it's extremely important that startup companies take the proper steps to protect themselves from being hacked.
Understandably, many startups are more focused on developing their product, marketing and hiring new employees to expand the business. They simply don't have the time, money or desire to invest heavily in cybersecurity. To make this simple and easy for startup founders, I've put together a list of 5 simple ways that you can enhance cybersecurity for your startup company:
Properly Protect Your Intellectual Property
I put this first on the list because, as a startup, your IP is your lifeblood and it's important that you protect it. This means protecting it from people outside the company as well as from insider threats. Many times, co-founders or employees who are hired early on may think they can execute on your idea better than you can, and they will try to steal your idea and form their own business. To prevent this there are a few things you can do. Firstly, use the proper legal protections. This includes things like patents and trademarks to ensure that you are the only person with the legal right to use your IP. To find the right form of legal protection you can find a full article here. Secondly, on the technical side, you need to have proper access management procedures. This means you need to make sure that you adhere to a least privilege model, where each employee only has the access and privileges required to do their job and nothing more. Specifically, you want to make sure that the only things people know about your company's operations are what they need to do their job effectively. Otherwise, be careful not to give them any additional access that could be used to undermine you or your business.
Have A Password Policy
According to a Verizon report, weak and reused passwords accounted for 81% of data breaches. Having a password policy is an extremely simple yet effective change that you can make to your business, and it will greatly reduce the chance of a data breach. Your password policy should include the following points:
Strong Passwords: 8-12 characters in length, upper and lowercase characters, at least 1 number and at least 1 special character.
Password Rotation: Passwords should be changed every 6 months; the longer a password is in use, the more likely it is to be exposed.
No Password Reuse: Passwords that have previously been used should not be used again once they have been rotated.
Use 2-factor authentication: If at all possible, you should always use 2FA on any business account that you have. It creates an extra layer of security for your account and makes it much more difficult to hack.
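The four policy points above, expressed as an automated check (an added example, not code from the original article). The function names, the sample accounts and the 182-day approximation of "6 months" are assumptions, and the 8-12 character range is treated as a minimum of 8 with no upper limit, so longer passwords are accepted.

```python
import hashlib
import hmac
import string
from datetime import datetime, timedelta

MIN_LENGTH = 8                 # lower bound of the article's 8-12 range; no maximum enforced (assumption)
MAX_AGE = timedelta(days=182)  # "every 6 months", approximated in days (assumption)

def hash_password(password: str, salt: bytes) -> bytes:
    """Salted, slow hash so the history never stores plaintext passwords."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def check_new_password(password: str, history: list) -> list:
    """Return the policy points a candidate violates (empty list = accepted).

    history holds (salt, digest) pairs for passwords used previously.
    """
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if not any(c.islower() for c in password) or not any(c.isupper() for c in password):
        problems.append("needs upper and lowercase")
    if not any(c.isdigit() for c in password):
        problems.append("needs a number")
    if not any(c in string.punctuation for c in password):
        problems.append("needs a special character")
    # Reuse check: re-hash the candidate with each old salt, compare in constant time.
    if any(hmac.compare_digest(hash_password(password, s), d) for s, d in history):
        problems.append("previously used")
    return problems

def audit_account(account: dict, now: datetime) -> list:
    """Flag accounts whose password is overdue for rotation or that lack 2FA."""
    findings = []
    if now - account["password_changed"] > MAX_AGE:
        findings.append("rotation overdue")
    if not account["two_factor"]:
        findings.append("2FA not enabled")
    return findings

# Constructed sample data, not from the article.
SALT = bytes.fromhex("00112233445566778899aabbccddeeff")
HISTORY = [(SALT, hash_password("Spring2023!x", SALT))]
ACCOUNTS = [
    {"user": "founder", "password_changed": datetime(2024, 1, 10), "two_factor": True},
    {"user": "contractor", "password_changed": datetime(2023, 3, 1), "two_factor": False},
]

if __name__ == "__main__":
    print(check_new_password("Spring2023!x", HISTORY))
    for acct in ACCOUNTS:
        print(acct["user"], audit_account(acct, datetime(2024, 6, 1)))
```

Running `audit_account` over every business account on a schedule turns the rotation and 2FA points into something you can verify rather than only ask employees to follow.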
Have A Schedule For Data Backups
It's important that you are prepared for the worst. Employees make mistakes and delete files, things get lost, overwritten, etc. There are many reasons why it's a good idea to keep regular backups of important information for your company. One such example is a ransomware incident, where someone hacks into your company, encrypts your information and charges you money to try and get it back. If you have a good offsite backup you can recover fairly easily, but if you don't, then you are at that person's mercy. Backups should be done as frequently as needed to keep your business covered. If you add important information to your data every week, then you may want to have weekly backups. For a full guide on the different types of data backups and how they are useful, look here.
Use Bug Bounty Programs
If you have a web application and you're worried about whether or not it is secure, you don't need to figure that all out yourself. Bug bounty programs allow you to crowdsource your security worries by working with security researchers across the globe. One of the best features of this is that you only pay them if they find a relevant security issue in your application, which makes it very cost effective for a startup.
Update your Software
The last tip I will give, which is pretty much free but extremely important, is to update all of your software. I'm sure we've all had that experience where we get a pop-up on our computer talking about a software update but we click "remind me later" because we can't be bothered. On your personal machine this may not be bad, but for a business this is a very bad habit. Many times, important security issues that were found within the application are fixed in these updates, so you need to make it a habit to install them as soon as they pop up.
If you would like to learn more about how to handle Cybersecurity for your startup in the 21st Century you can find a new book I released on the topic here.