Why Should My Startup Care About Security?

Angela Devlin
Published in Startup Grind · 5 min read · Nov 4, 2020

Okay, so generally, everyone knows online security is important.

We understand that we should be using “strong” passwords — as shown by every attempt to create a new account online with the bolded command that it has to contain at least 300 different characters, including numbers, symbols, and letters both upper and lowercase. We hear the horror stories of major companies leaking sensitive information to hackers and scammers due to data breaches on a regular basis. We see all the advertisements telling us to start using password managers.

It can become dizzying and almost impossible to keep track of all the stuff you need to do on a daily basis. This doesn’t even include the existential dread of worrying about who might be trying to break into your accounts. All of this is amplified ten-fold when you’re starting a new business, where there is even more to worry about.

And all of this was true even before 2020 happened…

How starting a new business became even more difficult

We were already living in a digital world, but now IRL is no longer an option for the majority of those working to set up a new business. Any interactions we have with retail providers, colleagues, friends and news sources online require us to give personal information. The move further into the virtual world has made security a necessity for everyone.

Right about now, you’re probably asking yourself: Why should I care about this? I’m up to my eyeballs in getting my business up and running. I can basically only commit to the bare minimum: setting up these passwords and then putting a sticky note with all of them written out somewhere close by.

There are several ways a lack of online security can seriously and negatively impact a business, in particular a growing business. When you’re establishing your company, you’re setting up accounts with lots of vendors while onboarding new employees and consultants. This, naturally, requires a lot of data and personal information to be entered in multiple places. And within the process there are vulnerabilities that need to be addressed and avoided to keep you safe while scaling. Examples include breached passwords, cross-site scripting (XSS) attacks and credential stuffing attacks.

Thankfully there are ways you can mitigate these challenges.

Making things easier for yourself — proactively protecting against security concerns

Let’s talk about security concerns and what you can do to help protect yourself and your business from them.

For the breached password threat, here are some ideas to help. Passwords need to be strong and secure, so look into using a product like 1Password to store your passwords. Services like this will suggest strong passwords and keep them locked up under your main one, so you only need to remember one strong password while keeping access to all your accounts safe. Make this service available to your employees as well to increase your overall security posture.

Adopting a single sign-on (SSO) option is also a great way to keep your accounts safe and reduce the friction of multiple passwords and logins. This means if you log in once to your main account, you don’t have to log in separately to any other account that’s connected.

For your most important accounts, you will want to take your security a step further with multi-factor authentication (MFA). This will require users to confirm their identity via a second source like an email, text or push notification on their phone. This should be employed for services that should be locked down the most — including sensitive financial or personal information — and is especially helpful for employees logging into accounts that maintain sensitive data.

Going one step deeper into your defenses — preventing attacks

Want to hear about XSS attacks?

Maybe not, but it’s worthwhile.

XSS attacks are when someone puts malicious code into a vulnerable site with the goal of getting to end users of that site. Basically, attacking your customers through your site. There are several different types of XSS and solutions for how to prevent them. You should take a look at this link or share it with your engineering team to find the best solutions for protecting your business from these attacks.
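To make the XSS description above concrete, here is an added example (not part of the original post) showing a page template that pastes visitor input straight into HTML next to a version that escapes it first. The function names and the sample input are hypothetical and constructed for illustration.

```javascript
// Constructed input: a "display name" a visitor typed into a signup form.
const SUBMITTED_NAME = '<script>alert("xss")</script>';

// Vulnerable: the input becomes part of the page markup, so the browser
// of every customer who views this page would run it as code.
function renderGreetingUnsafe(name) {
  return `<p class="greeting">Welcome back, ${name}!</p>`;
}

// Characters that have special meaning in HTML text and attribute values.
const HTML_ESCAPES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};

// Replace each special character with its entity so the browser
// displays it as text instead of interpreting it as markup.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Hardened: same template, but the input is escaped before insertion,
// both in the text and inside the quoted attribute.
function renderGreetingSafe(name) {
  const safe = escapeHtml(name);
  return `<p class="greeting" title="${safe}">Welcome back, ${safe}!</p>`;
}

console.log(renderGreetingUnsafe(SUBMITTED_NAME));
console.log(renderGreetingSafe(SUBMITTED_NAME));
// Legitimate names with quotes or ampersands still display correctly.
console.log(renderGreetingSafe(`Dana "D" O'Neil & Co`));
```

Escaping like this covers HTML text and quoted attribute values only; input placed inside URLs or inline scripts needs context-specific handling, which most templating frameworks provide.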

Next up are credential stuffing attacks, which are probably the ones you hear the most about. Essentially, what these hackers do is get access to a password someone has associated with an account and then attempt to use the same credentials on other sites to gain access to those accounts. Due to the low success rate in just plugging these credentials into other accounts, most hackers use bots to send credentials out until they find a match. This is part of the reason strong, secure, unique passwords are so important. Hackers can use account access for a variety of reasons — like selling access to your breached account, e-commerce fraud like buying expensive stuff from your Amazon account, or corporate theft or espionage taking sensitive information from corporations and using it for nefarious purposes. A couple of great ways to keep your company safe from this kind of attack are to implement MFA, breached password protection (which allows for employers to make choices about how to handle logins from employee accounts that are identified as compromised), or using password managers like 1Password.
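The bot behaviour described above leaves a recognisable pattern in login logs: one source trying many different accounts in a short time, with almost all attempts failing. The following added example (not from the original post) flags that pattern in constructed sample events; the event fields, thresholds and function name are assumptions chosen for illustration.

```javascript
// Constructed sample login events (not real logs). ts is in seconds.
const SAMPLE_EVENTS = [
  // One source tries 12 different accounts in 24 seconds; one guess works.
  ...Array.from({ length: 12 }, (_, i) => ({
    ts: 1000 + i * 2,
    ip: "203.0.113.7",
    user: `user${i}@example.com`,
    ok: i === 9,
  })),
  // An employee mistyping their own password, then getting it right.
  { ts: 1005, ip: "198.51.100.20", user: "dana@example.com", ok: false },
  { ts: 1010, ip: "198.51.100.20", user: "dana@example.com", ok: false },
  { ts: 1020, ip: "198.51.100.20", user: "dana@example.com", ok: true },
];

// Flag sources that hit many distinct accounts with a high failure rate
// inside a sliding time window. Thresholds are illustrative defaults.
function detectCredentialStuffing(events, opts = {}) {
  const { windowSec = 60, minUsers = 10, minFailRate = 0.8 } = opts;
  const byIp = new Map();
  for (const e of events) {
    if (!byIp.has(e.ip)) byIp.set(e.ip, []);
    byIp.get(e.ip).push(e);
  }
  const findings = [];
  for (const [ip, list] of byIp) {
    list.sort((a, b) => a.ts - b.ts);
    let start = 0;
    for (let end = 0; end < list.length; end++) {
      while (list[end].ts - list[start].ts > windowSec) start++;
      const win = list.slice(start, end + 1);
      const users = new Set(win.map((e) => e.user));
      const failRate = win.filter((e) => !e.ok).length / win.length;
      if (users.size >= minUsers && failRate >= minFailRate) {
        // Any account this source logged into should be treated as
        // compromised: force a password reset and require MFA.
        const compromised = [
          ...new Set(list.filter((e) => e.ok).map((e) => e.user)),
        ];
        findings.push({ ip, distinctUsers: users.size, compromised });
        break;
      }
    }
  }
  return findings;
}

console.log(detectCredentialStuffing(SAMPLE_EVENTS));
```

The employee who mistyped a password is not flagged because only one account is involved, while the accounts listed under `compromised` are the ones where a reused password matched.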

Now you know the basics — so what’s next?

Overall, there are a lot of risks to online security out there. But there are also tons of really smart people and companies (like Auth0) working to solve these problems and make the internet safer for everyone. Hopefully this post has helped you understand some of the security-related challenges your company may face, and that there are easy and secure ways to keep your company safe while you grow.

Angela Devlin: Self Service Program Manager @auth0, helping provide secure access to everyone.