[BreachExchange] Safe and Sound: 7 Strategies on How Young Startups Can Protect Their Digital Assets

Audrey McNeil audrey at riskbasedsecurity.com
Mon Jan 15 20:55:26 EST 2018


Established companies have set up cyber security departments where they
regularly inject a fraction of their revenues to help keep the company’s
digital assets safe. However, most startups often struggle with vital
matters such as marketing and budgeting that they often neglect the need
for cybersecurity in their organizations. This has in effect made them a
target by hackers that has seen some exit the business stage disgracefully
and even more spending their fortunes in reversing the impact of such
breaches. This guide seeks to educate a startups management on inexpensive
methods of protecting their digitals assets and online business information.

 1. Encrypt business information

The only reason most cryptocurrencies continue to enjoy relevance and the
surge in popularity they are currently commanding is due to their
encryption strategy. They were able to come up with an innovative solution
to data breaches in the form of blockchain where data piles up underneath
layers of an unbreakable encryption chain. Encrypting company information
with verified encryption techniques means that data is readily available
when your company needs it but useless to a third party if they don’t have
the decryption key.

2. Employee training

Whenever most entrepreneurs hear of cyber threats to their startup
information, most can only think of outside parties, hackers. They neglect
the possibility of internal breaches as well as any negligent employee
actions that threaten tear the veil separating you from online data
predators. Devote a portion of your data security budget to educate your
company employee on the basics of cybersecurity and the need to help the
company maintain privacy online.

 3. Employ a speedy resolution

How well prepared is your startup’s cybersecurity team in addressing data
breaches? Do you have data breaches detection mechanisms in place and what
countermeasures have you set up to counter such alerts? Invest in
dependable managed detection and response services that monitor your online
activities and alerts your IT specialist in case of any suspicious activity
in real time.

 4. Outsource cybersecurity service

Most startups come up as financially stretched. With so much in the
pipeline like financing marketing campaigns, forging partnerships, taking
care of logistics, and retaining customers that they have little left to
invest in a serious cybersecurity department. Plus they only have little
information that wouldn’t make economic sense to host locally. In such
case, it is advisable that you store your company information on a secure
and reliable cloud network.

5. Conduct regular system penetration tests

Given the fact that you are just starting out, it is highly probable that
you have a new website, mobile applications, and in some instances,
proprietary software. But how secure are these systems? Take it upon
yourself to regularly hire a system penetration tester to vet any
weaknesses in any of these systems and recommend patches. Additionally,
keep an ear out for patches to other computer systems and application
installed within your company networks.

6. Passwords and authentication

Top among the agenda on employee training is the need for them to maintain
strong passwords. And don’t just educate them on the need for a secure
password for their interaction points with your startup networks. Make it a
rule that your IT specialist enforces. Plus these passwords should be
mandatorily changed often.

7. Keep as minimal critical data on servers

The less information you can keep on your system servers, the less
compromise your company would have to contend with in case of a severe
breach. And note that a cyber threat doesn’t necessarily mean a hack. It
also covers negligent acts on the part of the administrative staff that
results in data loss. Plus if possible maintain sensitive information
outside your servers in an air gapped computer.

Bottom line

Effective cybersecurity calls for the protection of vital company
information, regardless of its size, from internal and external breaches.
As an entrepreneur, implement such strategies as encryption, employee
training, and outsourced cybersecurity services if you seek to see your
company expansion uncompromised cyber threats.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20180115/683c248e/attachment.html>

More information about the BreachExchange mailing list