Ending Soon! Save 33% on All Access

What Startups Need to Do to Be Cyber Secure in 2015 Hackers are out there, and they're attacking businesses large and small.

By Zach Cutler Edited by Dan Bova

Opinions expressed by Entrepreneur contributors are their own.

2014 was a year full of unprecedented cyber attacks in the U.S.

Big companies such as Target, Home Depot, Michaels, P.F. Chang's and JP Morgan fell victim to data breaches, and 2015 is already heading down a similar path. Anthem, the second largest health insurance company in the U.S., announced a massive data breach on Feb. 5.

But big name businesses aren't the only targets. A report published by the Ponemon Institute in September 2014 found that almost half of all U.S. companies have experienced a security breach of some sort in the past year. Hackers are out there, and they're attacking businesses large and small.

I spoke with three cybersecurity experts about 2015 trends and what startups can do to keep their data safe this year:

1. Detection over prevention

In 2015, prevention is no longer enough to keep data safe from hackers.

Related: Hackers Hijack Chipotle's Twitter Account, Tweet F-Bomb and N-Word Insults

"Hackers have gotten very sophisticated, and preventing breaches entirely is impossible," says Nat Kausik, CEO of Bitglass, a leader in cloud access security. "Companies need a two-pronged approach balancing breach prevention and breach discovery and remediation."

This year, the focus will shift from preventing attacks to detecting breaches and minimizing the harm they cause.

"This is a philosophical change that was brought about by the waves of breaches last year -- Target, JPMorgan, HomeDepot, Sony," Kausik says. "Each of these companies invested a lot in preventing breaches, and yet got hacked. The average breach lasts 229 days entirely undetected. Catching breaches early can limit the damage considerably."

Fengmin Gong, co-founder and chief strategy officer of Cyphort, an advanced malware defense company that detects and fights targeted threats, corporate espionage and IP theft, agrees that security needs to advance beyond prevention tactics.

"First we implement a "continuous monitoring and mitigation' approach," Gong says. "Next we identify all critical assets and the potential attack surface. Then we implement a detection and response solution and finally we implement an ongoing process for security posture assessment and improvement."

2. Security literacy

Security starts from within an organization. Establishing safety practices and ensuring all employees are aware of them is key.

"Policy and education of the workforce goes a long way toward better security posture, especially in this age where advanced threat actors increasingly resort to social engineering tactics in their threat campaign," Gong says.

He advises business leaders to instruct their employees to follow these basic practices:

  • Keep the endpoint system and security software updated and enable auto update.
  • Don't install apps from untrusted sources.
  • Don't install apps as the device administrator unless it's necessary.
  • Stop saying "yes" to all permission requests. Why should a news feeder access your contact list?
  • Stay vigilant of what's running devices, and investigate suspicious activities

Related: Sometimes Hackers Just Want to Embarrass You

3. Cloud protection

As technology evolves, so will cyberattacks, and the next target may be information stored in the cloud.

"In this evolving mobile and cloud era, it is no longer about protecting your enterprise boundaries or devices, but more about protecting the assets themselves, wherever they may reside," says Rehan Jalil, CEO of Elastica, a cloud security company. "As more and more valuable assets migrate to the cloud, cybercrime will follow."

Although many cloud providers have sound infrastructures, Jalil suggests that organizations are still vulnerable through the standard username and password setup that allows full access to company data.

"Phished credentials, malware hijacking valid HTTPS connections, and malicious insiders are all very real threats and represent the easiest ways to attack corporate assets in the cloud," he says. "Organizations would be wise to integrate a security strategy as part of their overall cloud strategy to ensure that they are adopting safe cloud apps and are taking proper data governance and threat prevention practices."

4. Practical steps

When revamping cybersecurity efforts, Gong suggests startups take the following steps:

  1. Focus on the most valuable assets.
  2. Set clear goals.
  3. Adopt one process and one flow.
  4. Insist on tools to fit your workflow.
  5. Review and improve practices.

Although implementing data security can cost time and money, it is a critical component for businesses today.

"Putting comprehensive security solutions in place to protect your critical assets, including those stored in the cloud," Jalil says, "is a very small price to pay to avoid the massive damages we have seen organizations grapple with in 2014."

Related: Companies Need to Take Responsibility for Protecting Sensitive User Data

Zach Cutler

Founder & CEO, Cutler PR

Zach Cutler is an entrepreneur and founder and CEO of Cutler PR, a tech PR agency in New York and Tel Aviv. An avid tech enthusiast and angel investor, Cutler specializes in crafting social and traditional PR campaigns to help tech startups thrive.

Want to be an Entrepreneur Leadership Network contributor? Apply now to join.

Growing a Business

Want to Expand Your Market Overseas? Here's Everything You Need to Know About Global Logistics in 2024

With rising geopolitical tensions and changing market conditions it can be hard for businesses to navigate supply chain logistics even in a post-pandemic world. Here are three tips from the CEO of an international customs brokerage.

Business Ideas

63 Small Business Ideas to Start in 2024

We put together a list of the best, most profitable small business ideas for entrepreneurs to pursue in 2024.

Business News

Kickstarter Is Opening Up Its Platform to Creators and Making Big Changes to Its Model — Here's What's New

The company noted it is moving beyond traditional crowdfunding and making it easier for businesses to raise more money.

Business News

Elvis Presley's Granddaughter Fights Graceland Foreclosure, Calls Paperwork 'Forgeries'

The 13.8-acre estate was scheduled to be sold in a public foreclosure auction on Thursday. Presley's granddaughter and heir, Riley Keough, is fighting to save Graceland in court.

Business Culture

The Psychological Impact of Recognition on Employee Motivation and Engagement — 3 Key Insights for Leaders

By embedding strategic recognition into their core practices, companies can significantly elevate employee motivation, enhance productivity and cultivate a workplace culture that champions engagement and loyalty.