Secplicity – Security Simplified

Startup Security Tips 101: Don’t Become a Statistic

According to a 2016 report from Small Business Trends, 43 percent of cyberattacks target small businesses. Unfortunately, once attacked, 60 percent of them close their doors within six months. The reality is that today’s startups and smaller organizations face unprecedented security challenges. But when asked, only 14 percent classify their ability to mitigate these threats as highly effective.

Being a startup is already hard enough without having to combat things like ransomware, malware, phishing attacks and more. That’s why it’s so important for startups to be prepared to stop or survive the latest threats and vulnerabilities. So where should startups focus their attention so they don’t become a statistic? Here are some tips:

Security Education is Key

While there’s the need to invest in technical security controls, user education plays a critical role in startup defense. The best educational programs are embedded into a company’s culture. While more established companies may struggle to change the culture and behaviors of existing employees, startups have the benefit of defining it early on. By creating a security awareness program immediately, startups can make security best practices a core part of employee culture. For example, training employees to spot phishing attacks or outlining how they can handle data safely could prevent future problems.

Worry About the Jewels, Not the Silverware

Many startups don’t have the time or money to conduct an official network security evaluation, which can help when designing security policies and implementing strong network defenses. Taking time to focus on protecting the data and infrastructure that matter is vital. In the absence of a full security review, it’s important to ask teams within the organization key questions to ensure focus is being applied in the correct areas. For example, your product management team could be working on creating new software. Collaboration is key to that process, so how the server or system they collaborate on is being secured should be a priority. On the other hand, marketing may be working on some non-sensitive marketing materials. Perhaps they can just use a cloud service to communicate. If the materials are not sensitive, it’s okay to stay nimble.

Look for Solutions That Empower Your Employees

Focus on security solutions that cause the least amount of user friction. The most secure multifactor authentication systems might make you enter strong passwords and use a specialized hardware token that generates a one-time code. While this is very secure, it adds tons of friction to the user experience and could be overkill. Another option could be to use a mobile device’s biometric check and the mobile device’s ID together, without having to enter a password (other than the first time). In short, sometimes it’s better to adopt good-enough security that doesn’t slow down your users, instead of making them feel like they’re in the CIA.

Focus on All-In-One Solutions to Maximize ROI

Antivirus and firewalls are a basic start to security, but in today’s threat-rich environment they’re just not enough. Startups should be looking to deploy Unified Threat Management (UTM) solutions that offer a ton of security controls in one simple platform. While these solutions may not always be a perfect fit for massive enterprises with different technology and security owners, they’re perfect for small- and medium-sized organizations or a distributed enterprise. All of the needed security services are consolidated in a single appliance, helping startups simplify deployment and ongoing management.

Have a Backup Plan

Chances are high that a security incident will occur. The best way to ensure minimal impact on the organization is to be prepared with a plan. As a startup, security won’t be perfect. In reality, no organization has perfect security. But successful companies have disaster recovery/business continuity plans. If a security incident does occur, having a plan is key. For example, maintain up-to-date backups of important data, and keep those backups offline where ransomware can’t reach them. Then, test backups regularly to confirm recovery procedures work. Finally, plan the response in the event of a disaster – like a fire destroying your critical systems. Prior preparation could be the difference between picking up the pieces and shutting your doors permanently.
