Posted on

5 cybersecurity strategies every startup must know

Not many businesses prioritise cybersecurity, even as cyber attacks cost companies around US$200,000 (each) on average. One study by Accenture found that only 14 per cent of small businesses are ready to address cyber threats.

Despite the low rate of cybersecurity preparedness among businesses at present, it’s worth noting that things have changed significantly compared to the situation in the past decade.

In today’s highly connected environment, it’s virtually impossible to separate cybersecurity from business strategy. Securing computers, networks, and cyber resources is already an inevitable part of crafting a sensible strategy for doing business.

The World Economic Forum considers cybersecurity as the top concern for CEOs around the world as data breaches don’t only lead to reputation damage. They have a direct effect on the finances of a business.

The 14 per cent that prepares for cyber threats have a good grasp of what needs to be done. They adopt not only basic protection but also implement more advanced and targeted solutions in order to anticipate more aggressive attacks.

Automated security systems enable startups and small businesses to continue focusing on their businesses without needing to implement complicated methods and learn all of the technicalities of cybersecurity. Knowing and doing the following essential strategies is already a significant stride in fending off cyber threats.

Also Read: Meet the 10 cybersecurity startups graduating from ICE71 Accelerate programme

Intelligent solutions

At the workplace, having antivirus or malware defence tools installed is not as simple as it sounds. First, you need to make sure that you are getting the best option available, something that perfectly suits your needs. Generally, it’s not enough to rely on freeware security tools, let alone free software from dubious sources.

Free solutions may be great for baseline protection, but they don’t do anything beyond it. They can effectively detect, quarantine, and remove malware, but that’s all they are designed to do.

Cyber threats are not limited to malware transmitted through downloads, file transfers, or email attachments. They can also take other forms such as SQL injection, cross-site scripting, DoS and DDoS, eavesdropping, man-in-the-middle attacks, phishing, and social engineering.

There’s a reason why third-party security software and services still sell in the presence of free tools. For one, they offer functions and features that address threats other than traditional malware. They also offer services that address specific critical needs of businesses.

For startups, for example, targeted solutions such as automated penetration testing can significantly increase security especially for those that process a lot of data. Other security solutions that can be included in your arsenal are ransomware detection and prevention, password management, weblink scanning and tagging (for safer web browsing), and a more advanced firewall.

Also Read: Goldman Sachs invests US$147M in cybersecurity startup Acronis, gearing up for acquisitions

Educating users about cybersecurity

People are arguably the weakest link in the cybersecurity chain. Antiviruses or malware scanners can work ceaselessly to monitor attacks and prevent them in real-time. They do everything wirelessly and automatically. They may have instances of false negatives or failures in detection, but overall they get the job done efficiently.

People, on the other hand, are prone to deception, especially those who are new to the concept of cybersecurity. It’s not extremely difficult to make phishing schemes work. Some may even be convinced to temporarily shut down their malware defences to allow the installation of a supposedly harmless application.

The solution to this problem is to educate everyone in the business organisation about cyber threats and prevention strategies. It’s important to teach managers and employees about various forms of cyberattacks, especially those that involve social engineering. It is advisable to develop the ability to perceive possible phishing attacks, for example.

There should be clear cybersecurity guidelines, protocols, and procedures in the office or workplace, and these should be clearly conveyed to everyone. It may also be necessary to compel everyone to use stronger and different passwords for different accounts and devices.

Also Read: Imbalance between work and personal life is a cybersecurity issue

Data encryption

Stolen data may only be considered harmful if it becomes useful to the party stealing it.

Encryption as a cybersecurity strategy is done not only on files stored in the hard drive. It’s something that also needs to be implemented on data exchanged between a client device and a server, saved passwords, and inputs to online forms, as well as files stored on the cloud.

There are many tools that can be used for encryption. On Windows, there’s the popular BitLocker. On Mac, there’s a built-in solution that involves the conversion of files or folders into a disk image, or you can use FileVault. To encrypt data exchanged between a client device/app and server, the solution is to use https or SSL encryption.

Meanwhile, to help employees avoid data sniffing or other similar attacks, it is recommended that they use VPNs. When it comes to data stored in the cloud, most cloud service providers have integrated encryption tools. If you use a cloud service that does not provide this function, it’s better to switch to a different provider.

Encryption takes time and computing resources. Hence, it’s impractical to do it for all files. It makes sense to choose specific types of files such as business plans, project files, financial records, and confidential documents. This is something for the management to decide upon.

Also Read: Cybersecurity in the age of information warfare and IoT

Multi-factor authentication

Another simple but highly effective cybersecurity strategy for startups and even for established businesses is the use of multi-factor authentication or at least two-factor authentication. For the uninitiated, this means the addition of another requirement besides the username and password when logging in to an account.

It could be a code sent to a mobile number or email address, a biometric scan, or a physical device inserted into the USB or some other port in a device.

Multi-factor authentication ensures that even if cybercriminals successfully steal sets of usernames and passwords, they will still be denied access when they use the stolen login credentials. Just make sure that you don’t end up locking yourself out of your accounts because you lost the phone number (SIM card) or email address you use in setting up your 2FA or multi-factor authentication.

Update all software

Lastly, it’s a must to keep all of your applications and operating systems updated. Updates exist not only to add new features to software or OS. Often, they carry security patches to address vulnerabilities that may be exploited by emerging threats.

They are also released to address stability issues. Updates may raise bandwidth consumption, but it’s a small price to pay in exchange for a more secure and stable device or software.

Also Read: Cybersecurity in the age of information warfare and IoT

Takeaway

The threats startups face are not different from what larger and more established companies. After all, cyberattacks generally don’t discriminate. They focus on vulnerable entities—those that don’t have adequate protection installed and people who happen to be clueless about the different forms of attacks and strategies to counter them.

Except for cybercriminals specifically paid to attack specific entities, hackers and cyber attackers target companies not because they expect to get something highly valuable, but mainly because their initial random attacks were able to penetrate.

Editor’s note: e27 aims to foster thought leadership by publishing contributions from the community. Become a thought leader in the community and share your opinions or ideas by submitting a post.

Join our e27 Telegram group here, or like e27 Facebook page here.

Image: Pixabay

The post 5 cybersecurity strategies every startup must know appeared first on e27.