Editor’s note: This is a guest post by Kevin Whelan, who is CTO at ITC Secure Networking.
As a startup, security is probably not that high on your list of priorities. You may be more focused on development, finding investment (or keeping investors happy) and building a profile for your brand. Like any business, the implications of a security failure for a startup only really become apparent when something happens and the damage is already done. However, unfortunately for younger companies – with delicately balanced finances and a fragile, new reputation – the consequences of a security breach can be much more serious. So, get ahead of the curve and carry out these basic security checks for your startup now.
1. Write a security policy
Everyone in your business needs to understand the risks and what you expect people to do about combating them. Startups may be small – or between friends initially – but that’s even more reason to make sure that important matters such as security are clearly set in stone. A security policy should cover everything from the way that company equipment is used to the expectations of staff who bring their own devices into work.
2. Don’t skimp on passwords
Use passwords that would challenge a potential hacker – a vast number of people still use ‘password’ or ‘qwerty,’ two of the simplest passwords to hack. While nothing is impenetrable, longer passwords that use a range of letters, numbers and symbols (ten characters or more) could take a hacker upwards of a month to break – ensure staff change their passwords every four weeks and you have a solid security basis.
3. Employ the tools available
Encryption and firewalls were invented to help protect both individuals and businesses, and they are easily accessible on the commercial market, so make use of them. Encryption is designed to help ensure data protection – both your business data and the data of the employees in your startup (which you may have obligations to protect, legally). Firewalls help provide a defence for your systems against those who would like to get inside to wreck, ransom and steal.
4. Use anti-virus software
Where this is available, it is an obvious defence in the fight to keep your security intact. Make sure it is up to date and you’re installing patches as they come through. However, don’t rely solely on anti-virus software as nothing is infallible – hackers evolve at an enormously fast pace and, as there is such a reward available to those who can crack virus protection, you can’t expect it to be absolute.
5. Monitor your network
It’s important that you’re able to spot the signs of a security breach when it happens – some businesses go months without realising that their security has been breached, which can be very costly. Set up some basic monitoring that can help you identify problems, such as unusual file access activity or being locked out of certain accounts, networks or machines. Put a reporting system in place so that you can respond to security problems quickly.
6. Train your employees
The best tool that hackers have when it comes to trying to shatter the security of any business is the individuals in it. Human error is responsible for a vast number of successful security breaches and your employees – however few – could be the key to getting inside your defences for a clever hacker. Train everyone in what to look out for, what to report and how to comply with the security policy, especially if they are bringing their own devices and connecting to your company network.
7. Don’t disregard any data
Yes, protecting information received via key elements such as payment processing is crucially important for ensuring security is tight but, when it comes to protecting your business, all data is important. You may have a database of people who receive a monthly update from your startup – even this could potentially cause problems if it got into the wrong hands, no matter how small it currently is.
8. Look into insurance
The costs of security problems can run into terrifying figures, not just in terms of the expense of fixing issues but also lost business, client attrition, downtime and even a lawsuit. Insurance can be tricky in this area but may help to avoid a situation where a security issue happens and is so significant that the cost tanks your startup completely.
9. Back everything up
Even if you’re completely protected against hackers (although many experts would stress there is just no such thing) then you’re still at the mercy of accidents and random disasters, so back everything up with the assumption that something problematic will happen at some point. Data has become one of the most valuable commodities that businesses have and, although insurance might be able to provide financial compensation if you suffer a security breach, if you haven’t backed your data up then it cannot be replaced and you’ll have to start again. Backups should be carried out at least once a month and you can opt for old-school solutions, such as flash drives, or use cloud storage instead.
10. Take care with social media
Virtually every startup needs social media now, whether as a way of attracting finance or to get the message out about products and services. However, social media is a great entry point for a hacker into your network and can do serious reputational damage if it gets taken over by someone with bad intentions. Make sure you protect your social passwords – you can give employees access to the account to post without actually giving them the passwords by using a third-party platform such as Tweetdeck.
11. Maintain your website
You need an online presence, there’s no doubt about that, but if you’re going to have a website then make sure it’s secure. There are all sorts of issues that could result from the wrong people gaining access to your site, from using it to spread offensive or pornographic images to stealing data belonging to your customers. The consequences of this could be devastating – destroying customer trust and opening you up to prosecution and fines for not protecting the data you process.
These security checks are the most basic first steps for any business looking to start out securely. As your enterprise evolves, you will need to develop protection to go with it, and creating this kind of solid base is a great way to start.
Author bio: Kevin Whelan is CTO at ITC Secure Networking. Author of ITC’s ‘Threat Of The Week’ series, Kevin is responsible for technology and strategy and is architect of ITC’s leading Netsure 360 Service. Before joining ITC in 1990, Kevin was Global Head of Architecture at PwC, and before that in the army.