6 Security Measures Every Startup Should Take in 2017
Hackers are busy at work, and every business is at risk. Even yours.
Opinions expressed by Entrepreneur contributors are their own.
Cyber criminals do not discriminate -- every business, regardless of size and reputation, is a potential victim. In fact, small businesses and startups are seen as more appealing to them because they are more vulnerable and usually do not have the security mechanisms of bigger companies.
In 2015 alone, number of data breaches in the U.S. increased to about 781, about 500 percent more than the number recorded in 2005. The number of records compromised stood at about 169 million, up more than 250 percent from 2005. This resulted in a financial cost of about $205.94 million. Looking at global numbers, about 707.5 million records were compromised (that is about 22 records every second) in 2015 alone, with this number rising to more than 5.8 billion since 2013.
Regardless of how small or inconspicuous you may think your business is, havingcyber security measures in place to protect your business's data is a non-negotiable responsibility of every business owner and startup entrepreneur. Here are a few ways you can go about it.
1. Conduct sufficient screening and background checks.
While hackers catch most of the dissension for cyber breaches -- and rightly so -- a good number of breaches stem from internal sources. About 14 percent of global data breaches in 2015 came from within the business's network firewall.
Extensively screen all prospective employees. This goes beyond conventional calling references. Evaluate their knowledge of cybersecurity measures as well as their browsing patterns. It also helps to allow an initial trial period, during which their access to sensitive data is blocked or limited, while you monitor them for any suspicious network activity.
2. Leverage a disaster recovery service.
Any catastrophe, natural or intentional, such as hacking, can destroy your business' database, in worst-case scenarios, causing a total or near-total shutdown of the enterprise. This can also cost your business financially. For Fortune 1000 companies, the average cost of infrastructure failure is $100,000 per hour.
Disaster recovery services are built to ensure that your business' data is always available to you especially in the event of an attack. It is designed to protect and restore data, servers or entire data centers. In case of outage, your systems can be recovered and restarted locally or in a cloud, enabling you to continue running your business' applications until you can safely get back up and running.
In today's competitive business world, the rising cost of downtime and the competition to always be online has made disaster recovery service a viable IT business solution.
3. Eliminate password vulnerability.
Many people still use very predictable and clumsy passwords for sensitive records, such as their online banking account login information. See this list of some of the worst possible passwords people use to get a better sense of how vulnerable many of our accounts are. The general rule to follow is to use a mixture of numbers, letters and symbols of no less than eight characters. This is good, but you can take it a step further.
A study conducted by Linkoping University in Sweden reported that 68 percent of online users reuse passwords, while 28 percent of users never change their passwords. Microsoft advises to never use personal information (such as your birth date), a rearrangement of commonly spelled words or a word constituting letters close to each other on the keyboard.
Consider using words or phrases that you like, and make them at least 12 characters long. Have a unique password for each of your accounts. Create a master document that has all your accounts information on it and password this document too. You can also have a hand written copy of this master document stashed away in a safe place.
Make it compulsory for your employees to change all their accounts passwords regularly, at least every 90 days. This will help protect your server from internal intruders and work place breaches and will maximize global data security across your business.
4. Use a multi-step authentication process.
While a strong password helps to mitigate the threat presented by hackers, an extra verification and confirmation process while logging in to any of your accounts can only make it better. Consider adopting a two-step verification process while logging into any of your online accounts on any device. The extra confirmation layer could be your biometrics, a security key or phrase or a unique one-time code sent your mobile number.
Use this method to protect key banking, email, network and social media accounts, and get your employees to do the same. Most email providers, financial institutions and some other online services usually offer this feature as an opt-in.
5. Keep all your software up to date.
Hackers are always toying with new ways to breach security systems. This forces software companies to constantly work on improving the security measures on their product offering so that it is always safe against new and old threats.
All you have to do to have these new security measures working for you is to update all your software. Your computer and networks are only as safe as their most recent software update.
6. Be careful with links.
Never click a link you get via email or IM if you cannot trace it back to its origin or if you were not expecting it. Even if it is from a known source, it helps to verify by calling the sender first to be sure. Oftentimes you may find out that their account has been hacked.