On July 29th, 2017, 143 million Americans discovered that their financial information, from their social security number to credit lines, were compromised—out on the Internet for anyone to find.
The reason? A vulnerability in one of Equifax’s applications. This vulnerability allowed hackers to throw the financial future of 143 million Americans into peril.
As we all know, the Equifax incident is only one of many hacks/data breaches/leaks/vice versa. Capital One, eBay, LinkedIn: no site or service is safe.
In a not-so-fun fact, Forbes predicted a 300% increase in ransomware attacks in 2020. Most of these attacks will target small businesses, maybe even including your startup.
Cybersecurity is essential to any startup, big or small. So today, I want to go over five ways in which you can secure your startup, reducing the risk of your startup being hacked by a random hacker.
But first, let’s assess the security risks your startup will face as time goes on. Some of these threats are minor annoyances, and some of these can mean the ruin of your business. So, without further ado, let’s go over a few of them.
Cybersecurity Risks Your Startup Will Face
Your startup likely can’t survive the massive data breaches major corporations face. Neither can your startup support the mass-spread ransomware attacks that plague companies on a semi-regular basis. Before we can discuss the ways you can secure your startup, you need to assess the dangers that lie before you.
Earlier in the introduction, I mentioned that ransomware attacks are expected to rise by 300% in a survey done by Forbes. But what exactly is ransomware, and why is it so dangerous?
Let’s start by defining ransomware. Ransomware is malicious software (malware) that aims to encrypt a device’s files, folders, and hard drive(s). Once encrypted, the ransomware will disallow the user from accessing any of the data, requesting a sizable fee (usually in the form of cryptocurrency). It’s a gamble whether or not paying the fee will give back access to the data—it usually doesn’t, however.
Cybercriminals have taken to using ransomware as their main form of attack due to their simplicity and effectiveness. Only 3 years ago, in 2017, did a group of cybercriminals bring corporations to their knees with WannaCry, ransomware that spread like wildfire throughout the world, handicapping productivity and finances.
As a startup, paying for thousands in crypto and losing access to your data isn’t something you can gamble with. Even the most minor of ransomware can have large effects on your business!
2. Phishing Scams
But not all cybercriminals rely on sophisticated software to siphon funds out of people and businesses. On the contrary! Some of them require the tried-and-true method of scamming, tricking other people into giving away money without producing the promised reward(s).
The types of scams I want to talk about are phishing scams, scams that promise money, gifts, or access to exclusive content as long as you fill out certain information or make an account somewhere.
A good example of this is your spam folder. Dig around in your spam folder for just a second. What do you see? Emails promising a free $500 gift card to Walmart? A strange sender asking you to fill out a survey for the promise of a free iPhone? Something along those lines?
These emails litter the spam folder of every individual with an email account and only serve to trick users into giving away personal information. That survey you were asked to fill out? Yeah, it would have asked for information like your name, social security, credit card number, and more.
You’d be surprised how many people fall for these phishing scams, so you and your employees must learn how to recognize phishing scams. Speaking of which, that brings me to my next point…
3. Lack of Cybersecurity Education
The tech industry has a term for human error: PEBCAK. PEBCAK stands for “problem lies between chair and keyboard,” AKA, “the user is at fault, not the device or other third-party.”
We’re humans. We’re flawed. We don’t know all there is to know about tech, and we sure do make mistakes. In fact, user error accounts for a large portion of hacks, malware infections, and other threats.
Phishing scams exist because they work. Ransomware exists because many companies don’t bother taking proper cybersecurity measures. Threats exist because we don’t learn how to identify them, leading us to risk our financial lives for a free gift card!
Lack of proper cybersecurity education can kill a company before it even starts, so you must watch out for that.
4. Data Breaches
If you keep up with the news, I’m sure you know of the dozens of data breaches that happen every year. Companies and people suffer from data breaches often due to lax cybersecurity rules and taking for granted their security.
Data breaches happen when company data is accessed without permission from the company itself. So, for example, the hackers of Equifax that caused the data breach didn’t exactly ask for permission before stealing 140 million social security numbers.
Like ransomware attacks, data breaches open your startup up to a lot of trouble—potentially career-ending trouble.
5 Ways to Secure Your Startup
Now that we’ve discussed the numerous threats facing your startup, we can move onto discussing the ways you can protect your startup from said threats. I recommend following each and every one of these tips. They’re easy to implement, cost little compared to the threat of losing thousands, and will save you from a lot of future headaches.
1. Assess Risks Facing Your Startup
Before you can even begin to think about the ways you can secure your startup, you need to take into consideration everything in your startup that makes you a target. Are you a startup in the financial industry? Do you handle customer information? Do you have any info considered valuable?
Also, take into consideration ways a hacker can get into your system. Your network, devices, building entrances: all of these need to be looked at before you plan on any cybersecurity measures.
2. Hold Cybersecurity Training Seminars
After taking into consideration the various ways cybercriminals can work their way into your startup and the various risks you face, it’s time to educate you and your employees on cybersecurity.
No matter whether you have 2 employees or 200, you need to educate all of them on how to protect themselves and the information they work while online. You’d be shocked how many companies don’t bother doing this.
Most security errors are a result of human error, so training your employees on cybersecurity will help mitigate any potential errors.
3. Install a VPN Router
Assessing risks and holding cybersecurity seminars won’t be enough; you’ll need to act quickly and start implementing security changes.
Your network is your key to security. If you protect your network, you’ll significantly reduce the chances of a cybercriminal finding their way onto your network.
One way to do this is by installing a VPN router at your office so all connecting devices can be secured. How VPNs work is by encrypting any information passing from each device on the network and hiding its IP.
4. Update All Devices Regularly
Once you’re done tightening up the security of your network, it’s time to move onto your existing devices. Work computers, laptops, phones, network equipment: all of these represent potential vulnerabilities—vulnerabilities hackers often take advantage of.
There is a multitude of ways to improve the security of these devices, but the easiest (and often overlooked) solution is to update these devices on a regular basis.
I know, I know—no one likes device updates. They’re obnoxious, annoying, and can be a nightmare. However, these updates tend to come packaged with security fixes/patches, meaning these updates are essential to keeping your startup safe.
5. Enforce Strong Passwords (and Change Them Frequently)
Lastly, let’s discuss passwords. Acting as the first (and sometimes last) line of defense for our accounts, it’s vital that we only use strong, lengthy passwords.
Unfortunately, many people use the same password for everything. If you want to avoid any cybersecurity attacks, however, you can’t afford to do this. Same with your employees.
Force password changes after a certain length of time (for example, 30 days). Along with this, you need to enforce certain rules concerning passwords. Servers on all OS’s allow you to force passwords to be a certain length, have certain symbols, and vice versa. It is vital that you force the creation of strong passwords.
Creating a startup is hard work, but the work doesn’t end at gaining a few clients and establishing a place of business. No, you need to start working on protecting your startup and its users, meaning setting up proper cybersecurity measures. From VPNs to password managers to proper cybersecurity education, there’s a lot of options available to you concerning how you protect your startup.
Brad Smith is a technology expert at TurnOnVPN, a non-profit promoting a safe and free internet for all. He writes about his dream for free internet and unravels the horror behind big techs.