Cybercriminals are exploiting the situation of the pandemic to launch highly sophisticated cyberattacks on every industry possible. In the first six months of 2020, companies became the target of massive data breaches where hackers sold account credentials, sensitive data, confidential and financial information of these organizations.
Almost a third or 28% of the data breaches in 2020 (until now) involved small businesses. The data comes from one of the most acclaimed cybersecurity reports in the industry, the Verizon Business 2020 Data Breach Investigations Report (2020 DBIR).
While most businesses won’t find themselves victims of data breaches, every single startup company or SMB should still be concerned with information security. This is especially important if your business handles consumer data.
10 simple tips that help to secure your startup or SMB
- 1. Have a Security Policy
When it comes to IT security, make sure you have a policy, have it documented and available for all employees. Most of all, start with the basics. Use complex passwords, don’t open emails from suspicious addresses and don’t open links from sources you don’t recognize.
- 2. Train your employees
All employees should be trained in IT security and coached to never hand out sensitive information to anyone they don’t recognize. Make security awareness training part of your onboarding process and repeat this annually. The majority of businesses suffer from phishing or spear-phishing attacks. These often come in the form of emails, and these hackers can make themselves appear very real to recipients.
- 3. Use 2-Factor-Authentication
Don’t settle on just having a single username and password combination. Take it a step further by using two-factor authentication. Users will be tasked with a secondary authentication sequence like confirming an email or inputting a code sent to their phone. This can be used for both employees and consumers.
- 4. Encrypt your sensitive data and communication
Encryption simply means changing data into an unreadable state. Using an SSL certificate is a good start. Take it a step further by having encrypted data and keys on different servers. A startup most likely won’t have an in-house encryption expert, but there are plenty of technology solutions that will encrypt data for you.
- 5. Make Penetration Testing and Vulnerability Scanning part of your security routine
Doing security testing is very important to evaluate the security of your startup or SMB. We highly recommend that these risk assessments be carried out on a regular basis. Be sure to check industry guidelines, since some industries (like the health-care industry) are required by law to conduct risk assessments on a regular basis.
- 6. Code review
Find mistakes overlooked in software development to improve the overall quality of your software. Reviews are done in various forms such as pair programming, informal walkthroughs, and formal inspections. There are many ways that will help you to review your code either within your team or with the help of our experts.
- 7. Install patches and updates
Operating on an outdated version of software can be dangerous. Don’t ignore software updates when they’re rolled out, as they can contain security patches to vulnerabilities that hackers exploit. The older the system is, the more serious this issue is.
For example, it probably won’t be too much of an issue if you miss the latest update for Windows 10, but if you’re still running on Windows 2000, we’d recommend you upgrade immediately.
- 8. Use Access management
Don’t give your employees access to all assets whether it is servers, documents, or others. Minimize administrative privileges and only use administrative accounts whenever required. Implement focused auditing on the use of administrative privileged functions and monitor for anomalous behaviour.
- 9. Protect your website
There are many things to secure in your startup or SMB, but your website is on top of that list. Protect your website with a WAF (Web Application Firewall). Tools like Cloudflare can stop some of the basic malware out there.
- 10. Prioritize your Cloud design
When running in a public cloud make sure to use a well-architected design.
For startups or SMB’s, security is crucially important for its success. It is very easy for a startup or SMB to fail if it does not care about its security. Following the tips mentioned above is a good start and can prevent your business from basic attacks.
Contact our security experts for advice on how to secure your startup or SMB.