10 Data Security Mistakes Startups Can't Afford to Make
Startups are usually in a rush, and they often forget about data security as they try to get an MVP out.
With new businesses, a data breach can result in the company closing down. To address the mistakes most commonly made, I asked ten YEC entrepreneurs the following:
What’s the one crucial mistake that tech startups seem to make when it comes to data security nowadays and why?
1. Personal and professional borders.
Bring your own device (BYOD) has become increasingly popular in recent years, even more so in the startup scene. People don’t like carrying several smartphones and having to become proficient in different operating systems for tasks such as checking their email or updating their calendars. However, convenience often compromises security. Workers’ personal devices can access and store sensitive corporate information locally. When a person leaves the company, the information leaves with them, forever stored on their device. Security-wise, this is a crucial mistake.
2. Ignoring two-step authentication.
Two-step authentication – the system that sends a code to your mobile phone via SMS, which you enter when logging in to a new web page – is an easy, but often ignored, initial step. It is now offered on all the key business platforms, including Salesforce and Google Apps for Work. You can even enable it on social networks at will. Since password breaches are becoming more and more common, the wise thing to do is to protect the sensitive information you store online with an added layer of protection.
3. Security issues.
Racing to get a sustainable product on the market and landing those all-important sales is a top startup priority, which may cause security mishaps early on. Ensuring that your systems are secure is a meticulous process that can take resources away from product development. However, when startups “cheat” during security setup, it is almost certain that they’ll come across the same problem in the future. Privacy and safety should be top priorities from the beginning.
4. Insufficient exit protocols.
Data lapses and security breaches are more common at companies that depend mostly on freelancers or part-time staff, unless they incorporate a predetermined exit procedure. Data loss, in the form of confidential information sharing, account access and more, can easily take place when sensitive corporate data remains stored on these people’s devices; they are less security-conscious on their personal devices, or they even forget that the information is stored there in the first place. You ought to protect your company’s and your clients’ information by planning ahead with your legal team.
5. Forgoing SSL from the beginning.
SSL (Secure Sockets Layer) is easy to implement from day one. It should be enabled by default on every website. It reassures your users while raising the security level of your communications.
6. Failing to prioritize security.
Startups often think they can leave security for later, when they have grown larger. The problem with this approach is that the company fails to incorporate security into its core values, which makes it harder to deal with when the time comes.
7. Having no policies for cloud storage.
Cloud storage services like Dropbox, Box and Google Drive are an amazing way to keep your team up to speed and handle documents. However, failing to lock them down properly leaves them vulnerable to ransomware, viruses, and unauthorized access. The main vulnerability is the convenience of file sharing itself, which means that backup, anti-virus, password, email attachment and access policies must be set up before a single user is allowed to cause trouble for a whole company.
8. Disregarding security best-practice.
Security practices change at the pace of technological evolution. This means that security standards from a decade ago are now obsolete. Many startups fail to keep up with the most up-to-date security developments and, as a result, they use outdated encryption protocols or old techniques that can be breached by hackers and crackers.
9. No internal policies and infrastructure.
Tech startups are in a prime position regarding data security because they have the ability to apply best industry practices from the start, without being held back by outdated systems. This has resulted in unprecedented product security. However, despite the increased security, internal protocols and practices at tech startups have not evolved accordingly. Limited use of single log-in, sharing of credentials and insecure password policies all reflect the failure of technology startups to invest adequate resources in their internal systems and infrastructure, or to consider their influence on data security.
10. No suspicious activity notifications.
About half a year ago, I suffered a data breach that brought me close to a significant financial setback. For starters, I used a single (weak) password across many organizations, as well as for personal use. Someone figured out the password, and I suffered breaches at multiple points at the same time. I could have easily avoided this catastrophe with a simple policy regarding password strength. What’s more, I found out that sophisticated data security tools exist in many systems for mitigating data breaches. On Google Apps for Business, for example, I set up a notification alert to be sent whenever weird activity takes place.