Startup…without breaking the bank!
Top 5 tips for securing your startup or small business
A common misconception is that security is something that you can worry about later when you’re a bigger company. After all, you have other more important things to worry about. Working in a startup or small business, there is always a staggering list of items that are categorized as critical for operations, but (unfortunately) cybersecurity is rarely placed on this list.
Another common misconception is that security is too expensive. However, integrating elements of cybersecurity in from the beginning is not only less expensive, but it becomes easier to maintain that security culture within your company long term. Your investors and customers will thank you!
Here are 5 practical, low-cost tools and practices that you can implement in your startup or small business which will make a huge difference in your cybersecurity posture:
1. Enterprise Password Manager — Implement for your whole team for nominal fees and it will more than prove its worth in the first year. By implementing a password manager system (managed and controlled by your IT team), you protect the credentials used for cloud accounts and backend systems. Good password managers also provide visibility into your startup’s users to see which folks exercise poor password practices (e.g. password reuse, weak passwords, etc.). Additionally, you can leverage Single-Sign-On (SSO) to simplify the onboarding/offboarding process, as well as securing login procedures.
2. Fostering a Cyber Security Culture — By making cybersecurity a part of your culture from the start, and making it everyone’s responsibility, you are setting your company up for success in the way that each employee does their job and the way that your infrastructure and services are set up. Create cheat sheets on ways employees can exercise “strong cyber hygiene” and regularly test adherence to these practices:
- How to create strong passwords (https://www.lastpass.com/password-generator)
- How you can add MFA to your online accounts (https://twofactorauth.org/)
- Send out phishing quizzes to all employees (new and old) to help educate them on ways to identify phishing e-mails (https://www.opendns.com/phishing-quiz/, http://blog.intronis.com/phishing-quiz, and https://www.sonicwall.com/phishing/)
- Educate users on what social engineering is (https://www.youtube.com/watch?v=lc7scxvKQOo)
3. Check Each Other’s Work — It is true that we have a blind spot when it comes to our own creations or things we work on. Because of this, it is important that you have someone else check your work, specifically for any server/backend configurations. The last thing you want is to have egg on your face because a server was misconfigured and data was exposed.
4. Embrace Mobile Device Management (MDM) — Protecting devices that connect to your company’s Network is absolutely mission critical. MDM “on the cheap” is viable with built-in tools like MDM capabilities in Office 365 and also MDM offerings within G Suite. The more you can protect your data and devices that connect to your Network, the more your potential attack vectors decrease.
5. Real-Time Threat Protection — Unfortunately, Antivirus isn't as effective as it once was and something more advanced is required to truly protect your endpoints and online activity from the barrage of always-changing cyber threats. Rather than spending a ton of money on enterprise-level intrusion detection and prevention tools (IDS/IPS), you can get this same level of advanced protection for a fraction of the cost by installing Rubica on your devices.
Rubica protects phones, desktops, laptops, and tablets from infection and compromise, and also encrypts your connection to the internet no matter where you are or what network you connect to. With Rubica, all of your employees can be protected from phishing, malware, browser-hijackers, malicious sites/pop-ups, and other emerging threats.
