• Articles
    • Editorial Articles
    • Research Articles
    • WatchGuard Articles
  • The 443 Podcast
  • Threat Landscape
  • About
    • About Us
    • Contact Us
    • Contribute to Secplicity

Secplicity - Security Simplified

Powered by WatchGuard Technologies

Startup Security Tips 101: Don’t Become a Statistic

April 5, 2017 By Marc Laliberte

According to a 2016 report from Small Business Trends, 43 percent of cyberattacks target small businesses. Unfortunately, once attacked, 60 percent of them close their doors within six months. The reality is that today’s startups and smaller organizations face unprecedented security challenges. But when asked, only 14 percent classify their ability to mitigate these threats as highly effective.

Being a startup is already hard enough without having to combat things like ransomware, malware, phishing attacks and more. That’s why it’s so important for startups to be prepared to stop or survive the latest threats and vulnerabilities. So where should startups focus their attention so they don’t become a statistic? Here are some tips:

Security Education is Key

While there’s the need to invest in technical security controls, user education plays a critical role in startup defense. The best educational programs are embedded into a company’s culture. While more established companies may struggle to change the culture and behaviors of existing employees, startups have the benefit of defining it early on. By creating a security awareness program immediately, startups can make security best practices a core part of employee culture. For example, training employees to spot phishing attacks or outlining how they can handle data safely could prevent future problems.

Worry About the Jewels, Not the Silverware

Many startups don’t have the time or money to conduct an official network security evaluation, which can help when designing security policies and implementing strong network defenses. Taking time to focus on protecting the data and infrastructure that matters is vital. In the absence of a full security review, it’s important to ask key questions to teams within the organization to ensure focus is being applied in the correct areas. For example, your product management team could be working on creating new software. Collaboration is key to the process. How that server or system is being secured should be a priority. On the other hand, marketing is working on some non-sensitive marketing materials. Perhaps they can just use a cloud service to communicate. If the materials are not sensitive, it’s okay to stay nimble.

Look for Solutions That Empower Your Employees

Focus on security solutions that cause the least amount of user friction. The most secure multifactor authentication systems might make you enter strong passwords and use a specialized hardware token that generates a one-time code. While this is very secure, it adds tons of friction to the user experience and could be overkill. Another option could be to use a mobile devices biometric check and the mobile device’s ID together, without having to enter a password (other than the first time). In short, sometimes it’s better to adopt good-enough security that doesn’t slow down your users, instead of making them feel like they’re in the CIA.

Focus on All-In-One Solutions to Maximize ROI

Antivirus and firewalls are a basic start to security, but in today’s threat-rich environment they’re just not enough. Startups should be looking to deploy Unified Threat Management (UTM) solutions that offer a ton of security controls in one simple platform. While these solutions may not always be a perfect fit for massive enterprises with different technology and security owners, they’re perfect for small- and medium-sized organizations or a distributed enterprise. All of the needed security services are consolidated in a single appliance helping startups simplify the deployment and ongoing management.

Have a Backup Plan

Chances are high that a security incident will occur. The best way to ensure minimal impact on the organization is to be prepared with a plan. As a startup, security won’t be perfect. In reality, no organization has perfect security. But, successful companies have disaster recovery/business continuity plans. If a security incident does occur, having a plan is key. For example, maintain up-to-date backups of important data, and keep those backups offline where ransomware can’t reach them. Then, test backups regularly to confirm recovery procedures work. Finally, plan the response in the event of a disaster – like a fire destroying your critical systems. Prior preparation could be the difference between picking up the pieces and shutting your doors permanently.

Want additional tips? Check out how to keep your business safe while using social media here.

Share This:

Related

Filed Under: Editorial Articles Tagged With: Security Education

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

The 443 Podcast

A weekly podcast featuring the leading white-hat hackers and security researchers. Listen Now
the 443 podcast

Threat Landscape

Filter and view Firebox Feed data by type of attack, region, country, and date range. View Now
threat landscape

Top Posts

  • Scratching the Surface of Rhysida Ransomware
  • An Interview with ChatGPT
  • TikTok is Banned, Kind Of
  • Naming APTs

Email Newsletter

Sign up to get the latest security news and threat analysis delivered straight to your inbox

By signing up you agree to our Privacy Policy.


The views and opinions expressed on this website are those of the authors and do not necessarily reflect the policy or position of WatchGuard Technologies.

Stay in Touch

Recent Posts

  • How Not to Update Software
  • Naming APTs
  • TikTok is Banned, Kind Of
  • Scratching the Surface of Rhysida Ransomware
  • An Interview with ChatGPT
View All

Search

Archives

Copyright © 2023 WatchGuard Technologies · Cookie Policy · Privacy Policy · Terms of Use