The to-do list for launching a new business is incredibly long and labor intensive. Consequently, security tasks usually fall by the wayside for reasons like lack of funds, resources or know-how.
Because security is often at the bottom of a startup’s checklist, new businesses are at the top of cyber criminals' target list. According to Symantec’s 2014 Internet Security Threat Report, the number of attacks against smaller businesses (with fewer than 250 people) nearly doubled from 18 percent in 2011 to 31 percent in 2013.
In 2013 and 2014, my company, CSID, surveyed small and medium-sized businesses on their security practices and found little change over the year despite the growing number of cyber attacks. In both years, my firm found that 3 out of 10 these smaller businesses were not taking any measures to protect against security threats. More troubling is the fact that 43 percent of the respondents felt comfortable with their current security measures, even if none were in place.
This year’s survey found that as smaller companies grow, they tended to dedicate more resources to protecting their business against security risks. While it’s encouraging to see businesses invest in security over time, it is troubling that security is not a business imperative from the get-go.
Security should be a priority for small and medium-sized businesses from Day 1, as the cost of a breach can be crippling. Fraud costs, data-breach investigation fees, reputation costs and customer-support expenditures are just a few reasons why budding businesses cannot afford to leave security to chance.
Here's a list of the most important security measures to consider when starting a business -- to avoid headache and financial heartache in the future:
1. Protect your identity. At the beginning, your business is very much an extension of yourself, making your identity attractive to cyber criminals. When you apply for a business license, much of the information submitted -- your name, business name, location, phone number and license -- will be publicly available.
Cyber criminals can target new business owners (since those starting a business likely have some money and a good line of credit) and try to obtain credit in the company’s name. Criminals might also compromise new business websites, as security measures are often not yet in place.
Be on high alert on personal social-media sites for social engineering schemes. Do not connect with people you don’t personally know.
Secure new business websites with long, complicated log-ins, keep virus software up-to-date and ensure that sensitive information is encrypted.
When you register your business, ask what, if any, information can be omitted in public records.
Keep an eye on your personal credit score and information for any fraudulent activity by using a credit and identity monitoring service.
2. Monitor your business credit. Most small and medium-sized company owners know that they have a business credit score, but a majority of them do not know what the number is. One tactic used by cyber criminals to exploit the finances of these companies is to pose as the owner and run up credit using the business’ name. This can ruin the line of credit for the business. New-company owners do not tend to keep a close watch on their business credit, which gives cyber criminals a chance to abuse it before getting caught.
Know your business credit score and look for any suspicious changes in your credit every month for your business' first year. After that, check every six months.
Try a monitoring service to keep track of your business’s overall health and mitigate the risk of a breach.
3. Use secure devices and networks. Many startups don't have an office, and entrepreneurs rely on coffee shops, libraries and other public places as remote worksites. When working in a public setting, make sure your device and network are secure to keep cyber criminals from collecting sensitive information via tactics like man-in-the-middle attacks (when someone intercepts Internet traffic).
Make sure any cloud services you access are secure. Services like Box, Copy and Hightail are great, inexpensive solutions for startups. Before using any service, do your research. Any cloud vendor you use should have a trustworthy security reputation.
Use a virtual private network (VPN) when working in a public setting. A VPN allows you to access a secure network when you are in an otherwise insecure place. Using a VPN can help protect sensitive communication from cyber criminals trying to hack into devices connected to insecure, free public Wi-Fi. There are many free and inexpensive VPN apps you can use to protect your devices.
Make sure your mobile device does not automatically join the nearest available Wi-Fi connection. This can put your mobile device that stores personal and work information at risk for a man-In-the-middle attack.
As your business grows, security risks will shift, prompting the need for a different set of security measures.