The big names may hog the headlines, but startups remain the silent majority when it comes to cyber attacks. With resources stretched thin and their propensity for embracing new technologies, it’s little wonder startups make up some 58% of all data breach victims. The truth is, your business is never too small to consider cyber security, so here are the most pressing risks that should be at the top of your list moving into 2019.
1. Digital Data And Documents
In the wake of Europe’s General Data Protection Regulation (GDPR), startups are having to sit up and take the security of digital data, documents, and user information more seriously. And for good reason. 1300 significant data breaches occurred in 2017, resulting in the loss of a staggering 2.6 Billion records. With fines of up to 20 million Euros or 4 percent of annual global turnover looming large and security threats knocking on the server door, it’s a matter of when – not if – your startup is affected.
The modern startup’s propensity for embracing new technologies such as digital working environments, apps, and connected devices makes them particularly vulnerable. Especially if policies, procedures, or oversight isn’t robust enough to ensure every device or communication channel is secure.
As with most every startup, you rely on both the strength of your ideas and your name. A data breach that sees your industry secrets or confidential client data hitting the dark web – or the headlines – could greatly affect your ability to drum up investor interest.
To counteract these risks to your important information, you’ll need robust policies, processes, and software that puts security first. Software for managing and distributing documents such as Stellar Library, for example, fills this role, replacing insecure channels like email while supplementing existing services such as Google Drive and Dropbox with improved oversight and control to any device, anywhere, any time. It’s an agile solution for an inherently agile sector.
It’s a tale as old as time, but there’s a reason Phishing attacks still find themselves at the top of these roundups year-in, year-out: they work. In fact, some 76% of businesses recently reported being subject to a phishing attack in the last year.
Phishing – and, more recently, spear-phishing – attacks often take the form of emails that point you in the direction of a fraudulent website that looks as though it’s provided by a trusted source such as a co-worker, friend, or even your CEO.
All it takes is a tired Monday-morning click or email from the compromised account of a trusted individual, and before you know it you’ve handed over access to accounts, documents, or important internal information to an unscrupulous third-party. It’s better to be safe than sorry, so always double check the source of an email if you’re ever in doubt.
As the name would suggest, Ransomware locks down or encrypts data, an affected computer, or entire server, rendering it inaccessible to the user until they cough up the cash. In many cases, this is requested in the form of Cryptocurrency like Bitcoin, as it’s that much more difficult to trace than a regular cash or online transaction.
Like any other cyber security risks that eventuate from downloading or installing compromised files, appropriate training and anti-malware solutions such as Bitdefender or Norton are both strong ways to mitigate against the risks of Ransomware.
4. WiFi Connections
Startups are, by their very nature, agile things. As are the management and staff that power them. Whether you’re working on your laptop in the waiting lounge of an airport, or typing up an important report over a coffee in a cafe, you need to stay connected.
To do so? Chances are you’re connecting to public WiFi.
Don’t let your startup’s internal IT security measures lull you into a false sense of security. Beyond your four (fire)walls, there’s a world of security flaws and vulnerabilities. Free, public WiFi connections may be a great modern convenience, but it’s all too easy for third parties to set up compromised connections in public places like Hotels or Cafes which can then monitor and harvest all traffic once you’ve hit ‘Connect’.
5. Human Error
No matter how robust your security protocols, there’s simply no accounting for human error. For all the high-profile headlines about private email servers, there is a lesson to be learned here for startups about the lengths staff and employees will go to in order to circumvent even the strictest internal security policies in the name of convenience. This includes personal email accounts, laptops, and mobile devices.
The stats agree. 25% of employees use the same password for every account, while only 40% use a personal device that’s properly monitored. Mitigating against convenience is a constant struggle, but it starts at common sense policies and internal training, as well as built-in failsafes such as two step verification and multi-factor authentication.
6. Internet of Things (IOT)
These days, most everything is a connected or smart device boasting Bluetooth, WiFi, internal storage, and – most importantly – a connection to your internal network. With the sheer speed at which these connected devices are finding their way into the average workplace – from connected coffee machines to security cameras – traditionally rock-solid security policies are becoming outdated before the ink has dried.
Whether it’s a DDoS attacks or data breach, your startup needs to be aware of – and working on – the new, emerging risks these IoT devices present to your day-to-day operations. They’re fast becoming the overlooked weak-point in what may otherwise be a robust security system. Yes, even your toaster.
Cryptocurrency has fallen since its Bitcoin boom of the late 00’s, but with more and more businesses jumping on the bandwagon despite the environmental and financial concerns it’s unlikely this bubble is going to fully burst any time soon.
But what does Cryptocurrency have to do with your startup’s security?
New third party programs are quickly becoming the modern face of the common computer virus, compromising servers and computers before using them to mine Cryptocurrency. Often unbeknownst to the affected user.
Difficult to track and even more difficult to trace, a recent report showed that some 59% of UK businesses have been hit by an attack at some point during their operation.
Startups? It’s time to take Cyber Security threats seriously
With new threats emerging each and every day, it can be difficult to keep up with the pace of change. The best you can do is stay prepared, and mitigate against these risks as best you can with policies, procedures, and supporting software. While even the most strict security is always liable to be broken, taking action is far more effective than sticking your head in the cyber security sand.