Ignoring IT security is one of the most expensive tech debts a startup can take on. Yes, you save some time and money at the very beginning of your startup journey. But the price of a security breach, a data loss, or even just cleaning up the mess made at the very beginning can be so high that it kicks you out of the game along the road. Not only will you incur major costs, but perhaps worse, you lose the trust of investors, partners, and customers.
Good news: the Pareto principle also works for information security. A few inexpensive measures will improve your protection level significantly. When thinking about information security, most people have hackers, three-letter agencies, or spectacular cyberattacks in mind. But good information security is much more. It is always a balance between confidentiality, availability, and integrity. Let's cyber-proof your startup with our awesome checklists 👇
Level 0: The basics - Awareness and passwords
By far, most security breaches are caused by poor security awareness and a missing password policy. “I have nothing to hide (or protect)” or “I can’t protect my stuff anyway” are reasonably understandable but toxic thinking patterns. Security is a mission-critical aspect of your company. Make this clear to everyone in your company. I highly recommend an annex to the employment contract on this topic. And while you are at it, use the chance to enforce an effective password policy.
Level 1: Up-to-date software and locked screens
My grandmother already said, "Boy, brush your teeth twice a day, store your data in the cloud, and keep your software up to date!" And she was right. Outdated software, unlocked screens, and data stored solely on the laptop that was lost yesterday can cause more pain than that horror dentist who still shows up in your nightmares. Keep this line in mind: “If your media only exists on one drive, it doesn’t exist.”
Level 2: Double protection
It's midnight, a dark street corner, and a stranger promises you the most fantastic prize of your life. All you have to do is give him money... You would not give a random person a bunch of money, right? So, why the heck are you clicking on all the trash emails or ads that come along? Be a human firewall and think before you click. Two more things here:
- Enable Multi-Factor Authentication and enforce it whenever possible.
- As long as you do not know what you are doing, DO NOT allow your employees to bring their own devices (BYOD).
Level 3: Active cybersecurity measures
Implementing levels 0-2 already gives you decent protection (let's say it's 70% of what is achievable). Everything that comes next requires some work and budget. At the very least, you should turn on the built-in firewall on all your computers (very often this is already the case by default). On Windows systems, it is also a smart decision to install antivirus/malware protection.
Hey, it’s a wrap. Implementing all these measures will NOT give you 100% protection, but it will make things much, much harder for a potential attacker. If you are running a business, you should always prioritize the safety of the information of your company, customers, and employees. Stay safe!