When it comes to cybersecurity and data protection, small to mid-sized businesses (SMBs) and startups face the same big risks as large enterprises . Only, when founders are busy bootstrapping, fundraising, and prototyping, there’s not a lot of time to be stuck in a server closet dedicated to security. Nor is there time to have the network crash. And on top of that, finding and attracting top IT talent is tough, especially when competing with the big dogs.
What are the risks these start-ups face?
From disgruntled employees hacking networks to ignorant professionals opening malicious attachments and spreading malware to proprietary information being leaked to a competitor, the risks span the gamut. The U.S National Cyber Security Alliance reports 60% of businesses that suffer a near-hack do not survive the next six months. SMBs and startups cannot afford to be hacked any more than big companies can. Why? Because security breaches cost a lot of money to fix, no matter who you are. Sony spent around $170 million to clean things up after the infamous PlayStation Network hack back in 2011. To make matters worse, your business won’t generate any revenue during the hack or its immediate recovery period.
And, when you are a young company, carefully and painstakingly building customer trust and brand recognition, one data breach can damage your reputation permanently. Companies like Facebook seem nearly impenetrable when it comes to data breaches, but even they have started to show some fraying around the edges. Based on their sheer size and popularity, the social media giant has managed to have 50M user accounts stolen, and yet they are still in business. But this is a security exception and not the rule.
What Can Founders Do to Protect Themselves?
Hire top IT talent to watch the shop, and forget about the fancy office at WeWork. Invest in human resources to shore up the company’s most precious asset—its data. This can be a challenge, especially in some of the more competitive markets such as Silicon Valley, where big tech companies gobble up seasoned IT pros with triple digit salaries and fancy perks.
Train employees. The most important thing any company can do to protect itself from a data breach is to spend a significant amount of time and money on training their team to avoid cyber attacks. It’s cheap and for very small companies, it’s free. Training employees on the dos and don’ts can go a long way into protecting data. For example, employee training should include data loss prevention, social engineering identification, least privileged access, physical security of devices, thereby creating a reliable and secure password and identifying suspicious links and attachments from phishing attacks.
Get cyber insurance. Most people don’t realize this exists. Don’t assume your company’s standard insurance coverage protects anything beyond your physical storefront and its inventory. You will need a specialized policy to shelter your digital assets—your network, and the information it contains. Cyber insurance will protect you from several liabilities that could arise in the day-to-day of running your business as well as an unfortunate event when you are the victim of a digital attack.
Constantly monitor and scan servers, which can go long way to bolster your website security. These processes might implement services such as Sucuri and should include scans of Payment Card Industry (PCI) data compliance. Prevention is the best cure. Monitoring can inform you of potential vulnerabilities before they’re exploited — and could just save your business.
Are All Startups Facing the Same Security Risks?
Founders need to understand the biggest, most prevalent risks to their growing company. When we look ahead to 2019, there are some frightening, yet predictable, security threats. These range from viruses and worms to drive-by-download attacks—also known as an attack that allows malicious code to be downloaded from the internet through a browser, app, or integrated operating system without any action on the user’s part—to Botnets, which are powerful networks of compromised machines that can be remotely controlled and used to launch attacks of massive scale, sometimes including millions of Zombie computers.
Depending on the type of business you are building, there may also be specific security precautions you need to take. For example, an eCommerce brand must make special considerations because it handles consumers’ personal financial information when processing a purchase transaction. Hackers steal credit card and other sensitive information from eCommerce sites. To protect (and reassure) your customers, it’s imperative to know how to protect your business and your sensitive customer data. Precautions may include choosing a trusted eCommerce platform, using a secure checkout connection and remaining PCI compliant, and not storing personal customer data, to name just a few.
If you are running a startup, there is a lot more to be concerned with than developing the next hot iPhone app. Time is well spent on implementing security measures. While the most popular CEOs wear many hats, the popularity contest at the employee beer pong tournament can wait. Preventing cybercrime is a full-time job.