Startups Get Hacked Too: 5 Security Tips to Implement Today
Join us at Entrepreneur magazine's Growth Conference, Dec. 15 in Long Beach, Calif. for a day of fresh ideas, business mentoring and networking. Register here for exclusive pricing, available only for a limited time.
Securing your company's data may be the last thing on your mind when launching a startup, but it shouldn't be.
Protecting sensitive material like customer information, employee files, financial materials and intellectual property can be extremely daunting and expensive. But consider the consequences of doing nothing. The average cost of a data breach in the U.S. is $188 per record and the average number of records lost per breach is 23,647, according to Ponemon Institute's 2013 Cost of Data Breach Study.
Another factor to ponder is startups are quickly becoming popular targets for cyber criminals, as smaller businesses tend to have fewer security mechanisms in place -- making it easier, quicker and less risky for a cyber criminal to access data.
To stamp out this threat and rev up your cyber security, here are five easy and inexpensive tips:
1. Create a formal security plan.
Developing a security plan is one of the first things you should do at a startup. To create a strong plan, first determine who has access to data. Map out a policy that will guide employee use and access to sensitive data.
If your company allows employees to work off of personal devices like laptops or smartphones, ensure they are password protected. Include a policy that enforces employees to change login passwords at least every six months on both personal and work devices.
Also, outline a data breach preparedness strategy in case sensitive data is compromised. This plan should include a quick and honest communications approach with customers to avoid reputation damage.
Lastly, be sure the policies in place are enforced and updated as your business grows.
2. Store minimal customer data.
If you collect it, you have to protect it. Only gather customer data that you plan on using and is essential to your business. The less sensitive data you collect, the less you have to worry about it being compromised, allowing more time to focus on other areas of your business.
3. Educate employees and monitor their usage.
Educating employees on security best practices is an easy and effective way to protect your startup. Most data breaches are caused by human fallibility, such as employees using company credentials on another website or losing a USB stick with sensitive information.
You can also monitor employee information and actions to make sure any work credentials, including email addresses and passwords, are not breached if they happen to be used on other websites. Our Enterprise Threat Intelligence software, for instance, enables a business to troll for compromised company information that is being sold on the black market.
If you notice any vulnerability, ask employees to update passwords to limit the potential impact of the stolen information.
4. Check your business’ credit report.
Much like you would monitor your personal-credit report for suspicious activity, do the same for your business’ credit report. Unwarranted activity on your business’ credit report is an excellent indicator your startup has been breached. The National Cyber Security Alliance’s website Stay Safe Online has excellent information about best practices for monitoring your business’ credit report and things to look for that may indicate your business has been breached.
5. Pick reputable vendors.
Pick third-party vendors carefully, as your business data could be at risk if your vendor gets hacked. If you decide to use the cloud to store company data, pick a trustworthy one that’s known for their security and provides a two-factor authentication option, one that requires a two-step process, like a password and a PIN, for users to log in. A simple Google search related to the company could provide reviews, news of hacks and other pertinent information.
What other tips do you have for protecting your data? Let us know in the comments below.