Get All Access for $5/mo

What Startups Need to Do to Be Cyber Secure in 2015 Hackers are out there, and they're attacking businesses large and small.

By Zach Cutler Edited by Dan Bova

Opinions expressed by Entrepreneur contributors are their own.

2014 was a year full of unprecedented cyber attacks in the U.S.

Big companies such as Target, Home Depot, Michaels, P.F. Chang's and JP Morgan fell victim to data breaches, and 2015 is already heading down a similar path. Anthem, the second largest health insurance company in the U.S., announced a massive data breach on Feb. 5.

But big name businesses aren't the only targets. A report published by the Ponemon Institute in September 2014 found that almost half of all U.S. companies have experienced a security breach of some sort in the past year. Hackers are out there, and they're attacking businesses large and small.

I spoke with three cybersecurity experts about 2015 trends and what startups can do to keep their data safe this year:

1. Detection over prevention

In 2015, prevention is no longer enough to keep data safe from hackers.

Related: Hackers Hijack Chipotle's Twitter Account, Tweet F-Bomb and N-Word Insults

"Hackers have gotten very sophisticated, and preventing breaches entirely is impossible," says Nat Kausik, CEO of Bitglass, a leader in cloud access security. "Companies need a two-pronged approach balancing breach prevention and breach discovery and remediation."

This year, the focus will shift from preventing attacks to detecting breaches and minimizing the harm they cause.

"This is a philosophical change that was brought about by the waves of breaches last year -- Target, JPMorgan, HomeDepot, Sony," Kausik says. "Each of these companies invested a lot in preventing breaches, and yet got hacked. The average breach lasts 229 days entirely undetected. Catching breaches early can limit the damage considerably."

Fengmin Gong, co-founder and chief strategy officer of Cyphort, an advanced malware defense company that detects and fights targeted threats, corporate espionage and IP theft, agrees that security needs to advance beyond prevention tactics.

"First we implement a "continuous monitoring and mitigation' approach," Gong says. "Next we identify all critical assets and the potential attack surface. Then we implement a detection and response solution and finally we implement an ongoing process for security posture assessment and improvement."

2. Security literacy

Security starts from within an organization. Establishing safety practices and ensuring all employees are aware of them is key.

"Policy and education of the workforce goes a long way toward better security posture, especially in this age where advanced threat actors increasingly resort to social engineering tactics in their threat campaign," Gong says.

He advises business leaders to instruct their employees to follow these basic practices:

  • Keep the endpoint system and security software updated and enable auto update.
  • Don't install apps from untrusted sources.
  • Don't install apps as the device administrator unless it's necessary.
  • Stop saying "yes" to all permission requests. Why should a news feeder access your contact list?
  • Stay vigilant of what's running devices, and investigate suspicious activities

Related: Sometimes Hackers Just Want to Embarrass You

3. Cloud protection

As technology evolves, so will cyberattacks, and the next target may be information stored in the cloud.

"In this evolving mobile and cloud era, it is no longer about protecting your enterprise boundaries or devices, but more about protecting the assets themselves, wherever they may reside," says Rehan Jalil, CEO of Elastica, a cloud security company. "As more and more valuable assets migrate to the cloud, cybercrime will follow."

Although many cloud providers have sound infrastructures, Jalil suggests that organizations are still vulnerable through the standard username and password setup that allows full access to company data.

"Phished credentials, malware hijacking valid HTTPS connections, and malicious insiders are all very real threats and represent the easiest ways to attack corporate assets in the cloud," he says. "Organizations would be wise to integrate a security strategy as part of their overall cloud strategy to ensure that they are adopting safe cloud apps and are taking proper data governance and threat prevention practices."

4. Practical steps

When revamping cybersecurity efforts, Gong suggests startups take the following steps:

  1. Focus on the most valuable assets.
  2. Set clear goals.
  3. Adopt one process and one flow.
  4. Insist on tools to fit your workflow.
  5. Review and improve practices.

Although implementing data security can cost time and money, it is a critical component for businesses today.

"Putting comprehensive security solutions in place to protect your critical assets, including those stored in the cloud," Jalil says, "is a very small price to pay to avoid the massive damages we have seen organizations grapple with in 2014."

Related: Companies Need to Take Responsibility for Protecting Sensitive User Data

Zach Cutler

Founder & CEO, Cutler PR

Zach Cutler is an entrepreneur and founder and CEO of Cutler PR, a tech PR agency in New York and Tel Aviv. An avid tech enthusiast and angel investor, Cutler specializes in crafting social and traditional PR campaigns to help tech startups thrive.

Want to be an Entrepreneur Leadership Network contributor? Apply now to join.

Editor's Pick

Leadership

Should I Stay or Should I Go? 8 Key Points to Navigate the Founder's Dilemma

Here are eight key signs that help founders determine whether to persevere or let go.

Marketing

Your Most Powerful Marketing Weapon Is Hiding in the Finance Department — Here's Why

Transform your marketing leadership by turning finance from a barrier into a strategic ally. Learn how aligning with your finance team can drive unprecedented growth and innovation.

Starting a Business

They Bought an Ice Cream Truck Off eBay for $5,000. Now Their Company Has 70 Shops and Sells Treats in Over 12,000 Stores.

For the episode of "The Founder CEO," the co-founder and CEO of Van Leeuwen Ice Cream explains how one ice cream truck grew into a successful nationwide brand.

Growing a Business

How Connecting With the Right Audience Drives Long-Term Business Success

Here's how targeted lead generation can help you unlock higher conversions, stronger brand loyalty and scalable growth.

Business News

Meta Makes $1 Million Dollar Donation to Donald Trump's Inaugural Fund

Meta CEO Mark Zuckerberg also reportedly gave Trump a pair of Ray-Ban Meta smart glasses.

Business News

'You Own Nothing Here on Social': Meta Outage, Looming TikTok Ban Has Creators Questioning How Much of Their Business They Really Control

With repeated tech outages and a possible TikTok ban on the horizon, creators are looking for new ways to influence. Turns out, one old-school way still reigns supreme.