10 Cyber Security Tips for Startups

October 6, 2016

Today’s cyber security tips are shared by Nick Santora, the founder and CEO at Curricula, a cyber security company at Atlanta Tech Village. Nick teaches other companies how to not get hacked with their security awareness training platform.

Did you know October is National Cyber Security Awareness Month? Unfortunately, startups are at a high risk of becoming a victim of the most basic cyber security attacks. Don’t let your startup get hacked! Whether you are a one-person team with no customers or a venture-backed growing startup, you need to follow these cyber security tips and best practices.

Here are 10 cyber security tips you should implement to protect your startup today:

1) Establish An Information Security Program

An information security program is the foundation of how you maintain the security of your customers and how you run your business. It covers the basic practices your organization takes to protect data and manage information. Think of it like a plan for a road trip. This is not a detailed list of every single activity on the trip, but more of a high level list of your general direction and destinations along the way. Bottom line? You need a plan in place and you need to communicate expectations to your team.

2) Password Management

Let’s face it, passwords aren’t going away anytime soon. Stop storing your root passwords on an Excel sheet on someone’s computer! Instead, use multi-factor authentication whenever possible to help protect your sensitive accounts. Lastly, use a password management tool that encrypts your passwords and allows you to share privately with your team.

3) Prevent Phishing

Phishing is the #1 way a hacker will steal your credentials and use them against you. You or one of your team members will get phished during your startup’s lifetime. You might have been phished already and not even know it! Phishing is when a hacker pretends to be a trusted party in order to have you submit your login credentials to them. Be smart: don’t click any suspicious links or enter personal information into websites, ever. Seems obvious, but too many people do it.

4) Manage Your Web Security

Are you using WordPress? Do you still have default root passwords set up for your VPS accounts or other software? Do you have an SSL certificate? When it comes to web security, your technical team should walk through some basic questions that look at how you are managing all of your administrator “keys to the castle” type accounts. This is important for your company and your customers.

5) Create A Privacy Policy

You need one of these not only to protect yourselves but to protect your customers’ data. Don’t just copy and paste something from Google; that won’t work. You need to absolutely identify what data you are collecting, how you are using that data, and cover other information privacy concepts here. If you don’t have one at all, you better get started.

6) Protect Your Mobile Workforce

The beauty of having a startup is the freedom and flexibility of your work day. Sometimes you can be at a coffee shop, other times in the office, then on the road somewhere. Protect your mobile users with encrypted drives on their laptops. Make sure they use passcodes on their mobile devices. Use caution if connecting to any public Wi-Fi. If you must, use a VPN technology to encrypt your data while on public Wi-Fi networks.

7) Use Security Patches

Besides phishing, having an unpatched machine is one of the easiest ways for a hacker to break in. Having unpatched versions of Java, Flash, and other software is just asking for your machine to be exploited. Ensure you are running the latest versions and security patches of software on all your devices to keep them safe.

8) Use Encryption

Just as we mentioned for your mobile workforce, encryption needs to be a part of your plan. At a minimum you should be encrypting user passwords within your app. You should be using an SSL (Secure Sockets Layer) certificate for any sensitive web applications. Don’t have one? Add it. Today.

9) Avoid Ransomware

If you haven’t heard of ransomware yet, it’s some scary stuff! Basically, the hacker installs malicious software on your machine by having you either click a link or open an attachment. Once installed, the malware encrypts your machine and will only offer you access back to your machine after a sum of money is paid, essentially holding your computer and data for ransom. Prevention is key, and you should always have working backups available in case you become a victim of ransomware.

10) Educate Yourself and Your Team

Your people are the biggest risk to your organization. Cyber security is not the cost of doing business, it is the cost of staying in business. It is important that your employees engage in security awareness training on emerging threats and understand how to protect themselves. Building a cyber security culture is something that you should be doing as part of your startup to ensure you’re protecting sensitive data and growing your business.

Don’t let your startup get hacked. By following these cyber security tips you are keeping your business and your livelihood safe. Sounds good, right?

Karen Houghton