Barely a week goes by without yet another large data breach dominating the headlines. From the Target data breach in 2013 through to the IRS’ loss of over 104,000 Americans’ data this week, both the pace and severity of failed cybersecurity incidents are on the rise. Startups and entrepreneurs are lucrative targets for cybercriminals. Most entrepreneurs are solely focused on finding product market fit, building amazing teams, and meeting with investors and customers. Few afford themselves the time to stand up intrusion detection systems, implement anti-malware and antivirus systems, or train their teams to be wary of spear phishing and social engineering attacks. These are critical oversights.
Data breaches come at a tremendous cost, both financial and reputational. Protecting your (and your customers’) data must be core to your business plan, and executed with the same diligence as hiring your first employees or setting up your payroll system. Thankfully, the essential components of an effective security platform are simple to put into place:
Invest In Reliable Anti-virus And Anti-malware Software From Day One
A compromised device means that every action taken on it, from logging into your email to checking your business’ account balances, are potentially vectors for exposure. Start strong: install reliable anti-virus and anti-malware software on every laptop or desktop you use. Vendors fight for the top spot each year, independent sources such as AV-Test provide objective reviews annually.
Set Up Multi-factor Authentication For Every Service You Use
From Google Apps to your AWS production infrastructure, ensure that multi-factor authentication (“MFA”) is in use. MFA introduces an additional requirement to login screens, requiring both a password and a code, typically sent as a text message to a phone number that you specify. Turn it on for all of your core cloud services. Google, Amazon, and Microsoft all provide step-by-step walkthroughs.
Encrypt Sensitive Data
If your business stores any kind of customer data, avoid the mistakes of larger companies that have suffered embarrassing breaches this year: encrypt your database from end to end. Storing customer data of any kind “in the clear”, whether it’s regulated information like credit card information or simply personal data such as shipping addresses is a poor idea. Insist on strong encryption in your production and logistics systems from day one.
Make Security A Visible Part Of Your Culture
One of the weakest links in any security system is not technological, but biological. The most expedient way into most organizations is through staff; 93% of all attacks begin with spear phishing, where a targeted email is used to push malware to a device. In your role as a leader, you must set the tone for how your employees should respond to suspicious emails, phone calls, and even attempts to “shoulder surf” into your building behind legitimate staff. Make it clear that you take security seriously, and ensure that your team has confidence that you’ll take any reports of potential threats seriously.
Don’t Go It Alone
Security is complex, and as your business grows, so too will the likelihood that you will be attacked. Stack the odds in your favor; there are a number of new companies focused on providing automated “threat intelligence”, alongside more traditional tools that handle log file monitoring and management. Especially if you’re a smaller startup, or if you’re dealing with regulated data, seek out automated threat tools that can reduce the time and effort to detecting breaches. Bringing in these platforms early can be a differentiator to prospective clients, and as with most things, choosing to be proactive is preferable to being forced to be reactive.
Click here to become a writer and reach 170,000 readers.