[BreachExchange] How to protect your startup with IT
Audrey McNeil
audrey at riskbasedsecurity.com
Tue Apr 10 19:00:01 EDT 2018
https://www.killerstartups.com/startup-reviews/how-to-
protect-your-startup-with-it
60% of small businesses whose business is interrupted because of a
large-scale IT security issue never re-open their doors.
Based on the amount of effort it’s taken to get your startup off the
ground, it would be heart-breaking to see it derailed because of one
malicious program or an attempt by a cybercriminal to access your systems.
This an at-a-glance guide to making sure you’ve got the right IT in place
to make sure you’re protected from cybercriminals – and have a fighting
chance at taking your startup to the highest levels.
We’re too small to be hacked
You might think that as a small or new business you’ll be uninteresting to
hackers and cyber criminals – but we’re here to tell you that you’re just
plain wrong.
In fact, small businesses are more likely to be a target for criminals
based on exactly this – the perception that no one is interested in what
you’re doing. In reality, 50% of small businesses will experience a cyber
breach – and on average that breach is going to cost you somewhere in the
region of £1,400 to put right.
Worse still, there’s a good chance that cyber criminals will be looking to
extract personal data relating to your, your employees or your customers –
and if you’re found to be keeping this data in an unsafe manner, you could
face further fines under new GDPR data protection laws.
The message is clear – you’re not too small to be a target – and if you
think you are, the cost could be high.
5 crucial steps every business should take
Here’s the reality – there’s a good chance you just don’t have the money at
this stage in your company’s existence to throw money at cyber security
support.
Of course, this is a gamble, but one that many people take daily. However,
there are a few steps you can take that will make sure you’re protected for
little or no outlay. They are:
Backing Up
You may have heard about the huge cyber-attack that devastated the UK’s
National Health Service (NHS) during 2017. The problem was fairly simple –
the systems that were attacked had not been centrally backed up in quite
some time, meaning the ransomware was hiding vital information.
This could have been avoided by backing up frequently. To do the same, you
should look at what you need to back up – i.e. which information can’t you
do without? When you’ve worked out what that info is, backup to a service
or device that’s not permanently connected to your network.
It’s also important that this backup isn’t accessible by the rest of your
staff team – while this isn’t suggesting they’re criminals themselves –
it’s worth acknowledging that most cyber-attacks rely on some kind of human
error or oversight to gain traction in the first place.
Put protection in place
If malicious software can’t access your network devices then you’re safe.
However, we live in an interconnected world, so it’s natural that your
devices will be able to communicate with the wider internet.
As a first step, high quality anti-virus software should be implemented.
Avoid free options and take something that’s suitable for the size of
business that you are. To go alongside this software you should train and
educate staff in how to spot untoward applications and programs.
You should make sure that all your software is as up to date as possible
too. Software manufacturers refer to ‘patches’ that make sure your
software’s security is up to the highest standard.
It’s also worth considering what you allow employees to use as part of your
network. It’s forward thinking to say their own devices and memory sticks
can be used to carry out work tasks – but you should consider if their own
security measures stand up to your own.
Secure your mobile devices
This is a simple tip but absolutely vital – make sure your phones, tablets,
laptops and memory sticks are password protected and never lost or stolen.
One of the biggest issues for large businesses is the theft or loss of
networked devices – and while you’re never going to stop someone forgetting
a laptop bag, you can put measure in to place that mean devices can be
tracked and (if worst comes to worst) wiped remotely.
You also need to make sure that people don’t connect to unknown WiFi
networks too. Important information passed over networks can be hijacked
without the user knowing – leaving your data in someone else’s hands.
Secure your network
Most small businesses have some kind of network that connects their
devices. For some, that might be a router, PCs, printers and phones – but
for others it could be a large scale multi-site infrastructure with
hundreds of devices.
Whatever the size, you should do your utmost to make sure it’s secure.
While the convenience of being able to access your storage with your phone
or other mobile device might make work a breeze – you’ll quickly come to
regret this accessibility if it means cybercriminals have any easier access
point.
Unless you’re an IT networking startup, the chances are you won’t have the
time or resources in-house to make sure your network is protected –
however, talking to a managed network provider can give you access to
incredible skills and technology that would otherwise be out of your reach.
As you grow
As your business grows so will your IT network and security needs –
especially as you grow to occupy more than one site – or even find yourself
branching out into different countries.
As this happens, you can look to more sophisticated ways to manage your IT
networks – such as SD-WAN (which allows your network infrastructure to be
managed remotely – read more here) and specialist organisations who will
attempt to breach your security in an effort to highlight weaknesses.
But remember, you shouldn’t wait to put security into place.
Cyber-criminals aren’t interested in spending lots of time trying to topple
huge well-known businesses, they’re much happier taking advantage of the
small new businesses who think they’re flying under the radar…
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20180410/312dd4dd/attachment.html>
More information about the BreachExchange
mailing list