From 2020 being dubbed ‘the year of the side hustle’ to small businesses grappling to maintain continuity and profitability, despite these unprecedented times there has been a significant uprising in entrepreneurial activity the world over.
Startups tend to be created by people who burn with an idea and want to put it into action as soon as possible. Money is usually tight, and expenses run high, what with product development, promotion, and all the rest of it. When managing priorities, emerging businesspeople often neglect matters related to information security.
Many startups try to save on security, confident that a small company with limited resources holds no interest for cybercriminals. The truth is anyone can fall victim to cybercrime.
Firstly, because many cyber threats are massive in scale, their originators aim wide, trying to hit as many as they can in the hopes that at least some will generate a return. Secondly, commonly being weakly protected, startups present attractive targets for cybercriminals. Whereas corporations sometimes spend months to recover from a cyberattack, a small company may simply not survive one.
To properly safeguard your startup, given a limited budget, you might want to build a threat model before you go ahead with the launch.
To figure out which risks are relevant for your business, here are Kaspersky’s top five cybersecurity tips for startups:
- Figure out which resources need protection first and what security tools you can afford at the earliest stages. In fact, many safeguards will not involve much expense.
- Use robust passwords to protect your work devices and accounts. Do not neglect two-factor authentication — you will find it almost everywhere these days, and it really works.
- Thoroughly review the data-storage laws of the countries in which you plan to operate, and make sure your company’s personal information storage and processing workflow are compatible with those laws. If possible, consult lawyers about the traps and pitfalls of each market in question.
- Keep a close eye on the security of third-party services and software. How well-protected is the collaborative development system you use? Is your hosting provider safe? Are there any known vulnerabilities in the open-source libraries you use? These questions should interest you at least as much as the consumer properties of the end product.
- Raise your employees’ cybersecurity awareness and encourage them to dig into the subject on their own. If your company has no cybersecurity professionals on board (typical for a startup), find someone with at least some interest in the matter.
Discussion about this post