Security for Startups: Protection on a Budget

The Woerndle brothers spent a decade building their business and lost it in one day. Don't make the same mistake.
Guest Writer
Opinions expressed by Entrepreneur contributors are their own.

The Woerndle brothers, Carl and Alex, founded Distribute.IT in 2002 and took it through the various phases of growth. After successfully scaling their company over nine years, they had roughly 30,000 clients who paid them on a recurring basis. It was the kind of business story everybody wants -- until it wasn't.

On June 3, 2011, Carl Woerndle received a chilling phone call. Distribute.IT's network had been breached. The brothers and their team quickly scrambled to repair the damage, but it was too late. They worked 72-hour sessions more than once, trying to restore the network to normal. But the Woerndle brothers ultimately faced the unavoidable truth: A single breach had cost them their business.

Even worse, the Woerndles' story isn’t an isolated incident. Another entrepreneur's company generated about $1 million in annual revenue, and his wife ran a childcare business on the side. One day, a disgruntled employee hacked his website, stole customers' email addresses and contacted customers with the false information that the business was a front. The employee accused the couple of using the childcare center as a means to enable pedophiles to exploit the young boys and girls there. The incident cost the couple both businesses.

Understand the risks.

Many startups are obsessed with getting funding, marketing, garnering press, boosting sales and increasing conversions. Most small-business owners devote little to no attention to security. It's a dangerous mistake.

According to John Mason from, “The most important concern of any startup should be security. Research shows that at least 50 percent of Americans will be hacked and that about 70 percent of businesses are hacked each year. Not preparing for something like that could have lasting effects.”


If your website is hacked, you could be left with serious damages. Here are a few of the most notable.

  • A dead business you’re unable to revive. The U.S. National Cyber Security Alliance reports 60 percent of businesses that suffer a hack attempt do not survive the next six months.

  • A damaged brand. Major brands such as Yahoo! and Sony survived hacks because they're so integrated in people’s lives. Your small business probably doesn't stand the same chance. Once your brand sustains serious damage, it's most likely damaged forever.

  • Financial troubles. It’s especially tough for startups to weather a hack. Security breaches cost a lot of money to fix. Sony spent around $170 million to clean things up after the infamous PlayStation Network hack in 2011. To make matters worse, your business won't generate any revenue during the hack or its immediate recovery period. 

Even with all this compelling information, many companies do nothing about security. Small-business owners often feel powerless to protect themselves, and their leaders reason that their limited finances are better spent elsewhere. After all, Sony, Yahoo and federal government agencies spend hundreds of millions of dollars on security and still get hacked. What chance does the little guy have?

More than you might think, actually. Starting with ground-level safeguards will at least protect you from basic, less-sophisticated hackers. Don't let your company be the low-hanging fruit.


Get cyber insurance. 

Most people don't realize this exists. Don't assume your company's standard insurance coverage protects anything beyond your physical storefront and its inventory. More often than not, you need a specialized policy to shelter your digital assets -- your network and the information it contains. Cyber insurance will protect you from several liabilities that could arise in the day-to-day running of your business, as well as in the unfortunate event that you are the victim of a digital attack.

Regularly change logins.

A disgruntled employee brought down two businesses owned by the married couple described above. This family's assets would have stood a much better chance if the primary business had implemented a policy that regularly required two components: new login credentials from key users and removal of users who no longer worked with the company.

Constantly require (don’t “recommend”) employees to change their login details. Kick out redundant users, and suspend access for any employee who leaves your company -- the very day that employee leaves.
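One way to check that this policy is actually being followed is to compare an export of accounts against the current staff roster. The script below is an added example, not part of the original article; the account fields, the sample data and the 90-day rotation window are all assumptions chosen for illustration.

```python
from datetime import date

# Assumed rotation window; the article does not name a number.
MAX_CREDENTIAL_AGE_DAYS = 90

# Constructed sample data: an account export and the current staff roster.
ACCOUNTS = [
    {"user": "alice", "enabled": True, "password_changed": date(2024, 5, 20)},
    {"user": "bob", "enabled": True, "password_changed": date(2023, 11, 2)},
    {"user": "carol", "enabled": True, "password_changed": date(2024, 4, 1)},
    {"user": "dave", "enabled": False, "password_changed": date(2022, 1, 15)},
]
CURRENT_STAFF = {"alice", "bob"}  # carol and dave have left the company


def audit_accounts(accounts, current_staff, today,
                   max_age_days=MAX_CREDENTIAL_AGE_DAYS):
    """Return (user, finding) pairs for accounts that violate the policy."""
    findings = []
    for acct in accounts:
        if not acct["enabled"]:
            continue  # already suspended, nothing left to do
        if acct["user"] not in current_staff:
            # Departed user who can still log in: the highest-priority finding.
            findings.append((acct["user"], "disable: not on current staff roster"))
            continue
        age = (today - acct["password_changed"]).days
        if age > max_age_days:
            findings.append((acct["user"], f"rotate: credential is {age} days old"))
    return findings


if __name__ == "__main__":
    for user, finding in audit_accounts(ACCOUNTS, CURRENT_STAFF, date(2024, 6, 1)):
        print(f"{user}: {finding}")
```

Run on a schedule against a real export, any "disable" finding means an account outlived its owner's last day.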


Review your BYOD policy.

If at all feasible, make it impossible to access key parts of your server without using company equipment -- no more bring-your-own-device leniency. Computers, smartphones, tablets and devices should be thoroughly vetted, protected and used only for business-related matters.


Enable multi-party authorization.

Actions of disgruntled or compromised employees account for a significant percentage of compromised websites, especially when solid security is in place. Even the infamous eBay hack that resulted in the loss of 145 million users' information was possible only because a few key employees were compromised. Enabling multi-party authorization gives you more robust protection in the event of a hack. These systems make it impossible for a single employee to carry out certain key actions without authorization from other key team members. If a single employee is compromised, it will have no bearing on your business.
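The core of a multi-party authorization gate can be sketched in a few lines. This is an added example, not part of the original article or any particular product; the class, the approver names and the two-approval threshold are hypothetical.

```python
class ApprovalError(Exception):
    """Raised when an approval or an execution attempt breaks the policy."""


class SensitiveAction:
    """A key action that runs only after enough distinct people sign off."""

    def __init__(self, name, requester, authorized_approvers, required=2):
        self.name = name
        self.requester = requester
        self.authorized = set(authorized_approvers)
        self.required = required      # assumed threshold: two approvers
        self.approvals = set()        # a set, so repeat approvals count once

    def approve(self, approver):
        # The person asking for the action can never count toward the quorum,
        # even if they hold approver rights themselves.
        if approver == self.requester:
            raise ApprovalError("requester cannot approve their own action")
        if approver not in self.authorized:
            raise ApprovalError(f"{approver} is not an authorized approver")
        self.approvals.add(approver)

    def execute(self, action):
        # One compromised account alone never reaches the threshold.
        if len(self.approvals) < self.required:
            raise ApprovalError(
                f"{self.name}: {len(self.approvals)}/{self.required} approvals")
        return action()


if __name__ == "__main__":
    # Constructed scenario: alice requests an export of the customer list.
    export = SensitiveAction("export customer list", "alice",
                             {"alice", "bob", "carol"})
    export.approve("bob")
    export.approve("carol")
    print(export.execute(lambda: "export started"))
```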

Continuously monitor systems.

Constant server monitoring and scans can go a long way to bolster your website security. These processes might use services such as Sucuri and should include scans for Payment Card Industry (PCI) data compliance. Prevention is the best cure. Monitoring can inform you of potential vulnerabilities before they're exploited -- and could just save your business.
