Note: This post has been guest authored by Ken Lynch, an enterprise software startup veteran, who has always been fascinated by what drives workers to work and how to make work more engaging. Ken founded Reciprocity to pursue just that. He has propelled Reciprocity’s success with this mission-based goal of engaging employees with the governance, risk, and compliance goals of their company in order to create more socially minded corporate citizens. Ken earned his BS in Computer Science and Electrical Engineering from MIT.
Data security has become a growing concern for many businesses. In fact, a recent Wombat phishing study revealed that 76% of surveyed companies had reported a phishing attack in 2017 alone. As an entrepreneur who’s starting a new business, paying attention to data security should be one of your top concerns.
The reality is that data breaches are expensive and exposing your business data to cybersecurity risks can significantly impact your bottom line. It is projected that global cyber security losses will amount to $6 trillion every year by 2021.
There are several ways through which your startup can maintain a secure data environment. Data security should be a key objective of your business, as falling victim to attacks can also damage your brand and reputation (which will significantly impede the growth of your business).
Potential cybersecurity risks you’re likely to face
Even before jumping into specific steps you can take to secure company data, you should be aware of the threats that your business faces daily. Cyber attackers are becoming increasingly sophisticated by the day. They can gain access to your sensitive company information in any of the following ways.
1. Phishing attacks
Phishing attacks are aimed at compromising business data in ways that you wouldn’t suspect. For example, hackers may design a message to look as if it came from an employee or another member of the organization. This message typically contains a link that the recipient ends up clicking (without suspecting any risk).
The link then directs recipients to a page where they may end up divulging sensitive company data. Phishing attacks are typically used to compromise passwords, credit card data, accounts, and much more.
2. Malware and Ransomware
Malware and ransomware are essentially programs that can be installed on your system, preventing you from accessing important files and functions. Cyber attackers use ransomware to cripple your operations and demand a “ransom” before you can regain access to your system.
The growth in popularity of cryptocurrencies has led to a new cybersecurity threat: cryptojacking. Cryptojacking refers to the use of your computing systems to mine cryptocurrency. This threat often limits the performance of your business systems, among other potential risks.
How to protect your startup’s data
Cybersecurity threats are real, and they can significantly affect your business operations. The good news is that you can take specific steps towards protecting your company data from hackers.
1. Use the NIST Framework as a foundation
Your overall cybersecurity plan should begin with implementing the NIST (National Institute of Standards and Technology) framework. NIST provides guidelines for creating a structured, measurable, consistent, and continuous approach to data security. It forms the foundation of a solid data security plan that will help your startup follow the right path moving forward.
The NIST framework also makes it easier for your IT team to manage and protect business data while remaining one step ahead of any emergent threats or unusual activity.
2. Avoid storing too much personal data from customers
Customer data (such as credit cards, addresses, passport numbers, etc.) is always a top target for hackers. You can reduce the risk of your data being compromised by storing as little personal data as possible.
While information such as traffic flow, browsing preferences, and demographic information may be helpful in attracting and retaining customers, you should avoid storing credit card details or addresses within your systems.
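One way to enforce this at the point where records are written, shown as an added example that is not from the original post: keep only an allow-list of fields and scrub card numbers that slip into free text. The field names and the sample record are assumptions made up for the illustration.

```python
import re

# Fields this hypothetical application may persist (names are assumptions).
ALLOWED_FIELDS = {"customer_id", "country", "referrer", "notes"}

# 13 to 19 digits, optionally separated by single spaces or hyphens.
_PAN_CANDIDATE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")


def luhn_valid(digits):
    """Luhn checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def mask_card_numbers(text):
    """Replace Luhn-valid card-like digit runs in free text."""
    def _mask(match):
        digits = re.sub(r"\D", "", match.group())
        return "[card number removed]" if luhn_valid(digits) else match.group()
    return _PAN_CANDIDATE.sub(_mask, text)


def minimize(record):
    """Keep allow-listed fields only and scrub card numbers from strings."""
    kept = {}
    for key, value in record.items():
        if key in ALLOWED_FIELDS:
            kept[key] = mask_card_numbers(value) if isinstance(value, str) else value
    return kept


# Constructed sample record; 4111 1111 1111 1111 is a well-known test number.
SAMPLE_RECORD = {
    "customer_id": 42,
    "country": "IE",
    "card_number": "4111 1111 1111 1111",
    "address": "1 Example Street",
    "notes": "Paid with 4111-1111-1111-1111, order 1234567890123456",
}

if __name__ == "__main__":
    print(minimize(SAMPLE_RECORD))
```

The Luhn check keeps ordinary long numbers such as order IDs intact while removing digit runs that are plausible card numbers.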
3. Pay attention to your vendor environment
Another important part of data security is paying attention to your vendor environment. Nowadays, many third-party companies offer services to startups. From SaaS providers to payment processing services, look closely at the steps your vendors have taken towards protecting your business data.
Furthermore, limit how much access vendors have to your internal systems. They shouldn’t be able to access more than they need.
4. Strengthen your company passwords
Usernames and passwords are another important element of your overall cybersecurity plan. Your employees should be informed about how to create and manage strong passwords properly. A typical strong password contains the following elements:
- A minimum of 10 characters
- Combination of lower case and upper-case letters
- Use of both numbers and symbols
- Minimal use of personal elements (such as names of loved ones, pets, etc.)
You should also consider implementing two-factor authentication. The two-factor process adds a second layer of authentication, either through a confirmation email or a secondary device.
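The password criteria listed above can be checked automatically when an account is created. The following is an added example, not code from the original post; the look-alike character mapping and the idea of passing in profile words as personal terms are assumptions of the illustration.

```python
import re
import unicodedata

MIN_LENGTH = 10  # the article's "minimum of 10 characters"

# Look-alike substitutions undone before searching for personal terms.
# The mapping is an assumption of this example, not taken from the article.
_LOOKALIKES = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                             "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})


def _letters_only(text):
    """Lower-case, strip accents, undo look-alikes, drop non-letters."""
    text = unicodedata.normalize("NFKD", text)
    text = "".join(c for c in text if not unicodedata.combining(c))
    return re.sub(r"[^a-z]", "", text.lower().translate(_LOOKALIKES))


def check_password(password, personal_terms=()):
    """Return the list of criteria the password fails (empty list = passes).

    personal_terms: words tied to the user (own name, family, pets),
    supplied by the caller, for example from the account profile.
    """
    failures = []
    if len(password) < MIN_LENGTH:
        failures.append("length")
    if not (any(c.islower() for c in password)
            and any(c.isupper() for c in password)):
        failures.append("mixed_case")
    if not any(c.isdigit() for c in password):
        failures.append("digit")
    if not any(not c.isalnum() and not c.isspace() for c in password):
        failures.append("symbol")
    squashed = _letters_only(password)
    for term in personal_terms:
        needle = _letters_only(term)
        # Skip very short terms; they match by accident too often.
        if len(needle) >= 3 and needle in squashed:
            failures.append("personal:" + term)
    return failures


if __name__ == "__main__":
    # Constructed sample: passes the character rules but hides a pet's name.
    print(check_password("R3x-the-D0g!2018", personal_terms=["Rex"]))
```

A password can satisfy every character rule and still be built around a pet's name, which is why the personal-term check runs on a normalized copy of the password.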
5. Encrypt all sensitive data
Another important step you should take is data encryption. Encrypted data is information that exists in an unreadable state. If hackers were to compromise your systems, they would have to decrypt your company data before having access to it.
Encrypting is an excellent solution for sensitive data such as credit cards, financial records, company emails, and much more.
6. Properly train your employees on data security
Many businesses overlook the importance of involving employees in their cybersecurity plan. Employees are the ones most prone to phishing attacks, unknowingly installing malware, or even sending sensitive business data across unsecured channels.
Train your employees on how to identify phishing messages and how to handle sensitive business data. They should also exercise proper judgment before clicking on suspicious links.
By following the items detailed here and using an agile approach to compliance, you can keep your startup out of trouble by giving it the ability to quickly conform to changes in governance and emerging risks in cyberspace.