Startups are a very vulnerable kind of company, as they run on lean budgets, go fast and rely heavily on technologies. It only needs one cyberattack to lead them to bankruptcy or to destroy all their reputation. But there are a key pieces of inexpensive advices a tech-savvy startup CEO or a startup CTO can implement to reduce the risk of cybercrime.
Train your Employee First
Small companies will generally rely on multi-role and agile employee. They can’t afford at early stage a full-time cybersecurity specialist. Turning every employees into a cybersecurity chain link will greatly reduce the attack surface. It also reduces the time needed to detect and respond to a disruption.
80% of cyberattacks involves social engineering, employees that yield responsibilities on their own devices will help to implement an healthy cyber accountable culture. No need to spend a lot of money and time in it. Ask your employee to spend a little time of research in their own perimeter to then share it to everyone.
Keep your software up-to-date
When attacking software, most cybercriminals will target known vulnerabilities that have been patched by a vendor update. Whether it be laptop operating system, mobile application, webserver, update notifications should not be perceived as annoying : they are here to help.
If it is possible, enable automated updates. Include in your employee awareness session the habits to install them as soon as they appear. Ignoring those notifications is giving away free cybersecurity and increasing your cyberattack surface.
Prioritize your Crown Jewels
Not all your information and process have the same business impact. At first you may think that you need to protect everything. But after a few question to C-Levels, CTO can identify a handful of equipment, process or information that are truly making the startup successful.
Trained employees, updated antivirus and software create your first minimal security baseline. You can spend your little cybersecurity budget to implement additional protection around those Most Valuable Assets : backup, penetration testing, physical security.
Manage your Identities and Access
It is a trend among startup to develop a “transparency and agile culture” where anyone have access to everything and can do everything. In fact it is a quick and dirty way to implement that kind of culture while greatly increasing cybersecurity risks. Minimize administrative privileges and access to sensitive documentation.
Having a healthy relationship with user account will also help to identify obsolete one. Those accounts created months ago for a trainee now out of the company or this administrator account created just for the launch of one project. Those forgotten account are what cybercriminal are searching for. Get rid of them.
Protect your Showcase Website
Internet presence is key for successful startups. They may spend thousand of dollars in Web Agency, copywriting or Search Engine Optimization. But none in cyber protection. If your startup website is down or defaced, your business can go down in a matter of hours.
Cheap web security offered by player like CloudFlare, Akamai or Imperva are available for tenth of dollars a months. They will act as a proxy, filtering the internet traffic and trashing Web Attacks, DDOS attacks and spamming bots.
In our digital economy, digital security is mandatory. For startup, being proactive on cybersecurity is a good signal for customer and investors. Involving all employees in this responsibility will decrease the costs of the protection and will enhance a sustainable culture for future growth.