As the founder of a startup or small business, you may assume that you’re safe from hackers and cybercrime for the time being. After all, who would want to mess with you when there are billion-dollar companies out there?
Well, hackers know that small companies are more vulnerable, so you’re actually easy prey. That’s why it’s so important that you take security seriously.
The Target is On Your Back
In order to understand how hackers and cybercriminals behave, you have to think about things from their perspective. If you were a cybercriminal, what would your goal be? They say thinking like a criminal is how the police are taught to fight crime.
What Is The Cybercrime Profile?
You’re doing illegal things, but you are very intelligent. You understand risk and reward and make choices based on suppressing the former and maximizing the latter. Keeping that in mind, it makes sense to go after small (and young) businesses – a.k.a startups.
Sure, a big corporation may offer the potential for greater rewards, but the risk is immense. These organizations spend millions of dollars a year on multi-layered security infrastructures and your chances of penetrating their defense are slim. It can be done (see Target, Yahoo, Home Depot, etc.), but for every successful breach, there are thousands of attempts. You’re going to spend a lot of time and energy on these attacks and there’s no guarantee that they’ll bring any return.
Then you have startups. If a big corporation is like a mansion in a gated community with a state of the art alarm system and video surveillance cameras, a startup is like a brick ranch house in a quiet neighborhood with very little security. In other words, the reward may be smaller, but there’s virtually no risk.
“Startups often have financial challenges and can even be very under-funded. Security is a luxury they cannot afford,” web security expert Mathias Wyss points out. “Many startups are so busy building product and trying to get in front of the right people to sell that product, that paying attention to security seems secondary and a pointless expense.”
Cybercriminals also know that startups, when strapped for cash, forgo private data centers and instead opt for public servers and cloud storage to store sensitive data and intellectual property (which is usually their most valuable asset).
Then you have to consider supply chain threats, which are very real when code and intellectual property is involved. Startups are often very dependent on other third-party individuals and groups to get up and running, but there’s always an additional risk when you throw more people into the mix.
“Security may seem, ‘somebody else’s problem’ when you, yourself are in the midst of creating your dream. But, that dream will quickly become a nightmare if you don’t take control of your IT security and protect your company as it goes through its most vulnerable early stages,” Wyss assures entrepreneurs. “Cyber-threats need to become an integral part of a start-ups risk management assessment in the same way that more traditional risks, like intellectual property protection, staffing and funding are now.”
The problem is that so many smaller companies and startups just assume they’re safe. They’ve never bothered to understand cybercrime and the threats they face. As a result, they’re in grave danger of being compromised. Unless you want your startup to be another example of a company that refused to heed the advice of security experts, now’s the time to act.
4 Steps to Protecting Your Startup
While you’ll definitely want to connect with a security consultant or other industry professional for guidance, here are a few simple things you can do starting today:
- Prevent Credit Card Fraud
If you operate a brick and mortar store with physical POS systems, then you need to be cognizant of credit card fraud – and skimming in particular.
“Credit card skimming is a hacking trick that involves adding a small device to an existing credit card swipe machine. The device captures data from the credit card and transfers it to the hackers,” High-Risk Pay explains. “Skimmer devices are already frequently added to ATMs, but now self-checkouts at retail stores are becoming common targets.”
Chip-and-pin cards will help cut down on fraud in this area, but be proactive about checking for skimming devices and encouraging customers to protect their pin numbers.
- Encrypt Data
It doesn’t matter how many tools and strategies you use, you won’t be able to prevent every type of hack. So the next best thing you can do is make sure the information hackers obtain isn’t useful. This is where data encryption comes into play.
When you encrypt your data, the data is turned into code that only you can read. Since it’s unreadable to hackers, it’s also unusable. This lessens the likelihood of them stealing valuable information.
- Protect Passwords (Like They’re Gold)
In startups, BYOD policies are the norm. While this is great from a cost perspective, it ultimately exposes confidential data and information to additional risk. Not only should you have a strict BYOD policy in place, but superior password protection should be highly stressed. Two-factor authentication is the best method of protection, but you should also encourage unique passwords and frequent password resets to add additional layers of security.
- Vet Everyone
Any person or business that interacts with your startup – whether on the inside or outside – needs to be heavily vetted as if they were applying for a government security clearance. (Okay, that may be overkill, but you get the picture.) Vet every supplier, third-party application, vendor, and new employee to lessen the chances of being attacked from the inside-out – and always keep an eye on everyone you interact with.
Never Assume Anything
You may feel invisible or insignificant in the grand scheme of things, but never assume that you’re safe from outside threats. Cybercriminals are extremely aware of their surroundings and know what’s happening in the smallest corners of every industry. No matter how much you may like to assume you’re untouchable, that’s simply not true.
At times, it may seem like overkill to put a gated entrance around your brick ranch home and arm yourself with an alarm system and surveillance cameras, but you can never be too safe in today’s world of cybercrime.