By Eoin O'Hara
In the good old days the only security measure a business owner needed was installing a strong lock on the front door and arming him or herself with a particularly menacing looking weapon. But now we’re all online, the security threats are changing.
The potential impacts of cyber crime, or even cyber mischief, are most acutely felt by the start-up that has not yet had the chance to develop the robust deterrents and defences that their larger counterparts have long put into place.
Here are four key areas of online security that start-ups should address to help reduce their vulnerability to online risks.
Reduce internal security risks
Unfortunately the majority of online security breaches come from inside the business itself. This can be because of an embittered, scorned, or crooked employee. Or it can simply be carelessness.
Something as simple as using a team password management tool such as Meldium can form a great foundation for preventing internal online security breaches. These tools allows you to share access to important apps and resources without ever having to share your login information or passwords.
In addition, Meldium also allows you to see who in your team is accessing a particular resource at any time creating a non-invasive way to spot potentially risky behaviour.
Find out about Meldium
Block out Malware
If Malware is given the opportunity to infiltrate your computers, devices, or network, it has the ability to do untold levels of harm to your business.
A laissez-faire approach to this threat leaves you dangerously vulnerable, and whilst there is no way to guarantee complete protection, there are certain things that you can do to drastically reduce the risk of a malware attack. These are often simple things like applying your internet router's firewall as a first line of defence, or making sure that all vulnerable devices in your network are fitted with well-known and respected antivirus software.
On a more proactive level, making sure that all email accounts accessed within your network are as free from spam as possible can greatly reduce the likelihood of malware making its way into your business through this route.
Spam filters are getting ever more proficient in hiding irrelevant and potentially dangerous email content from view, but common sense diligence such as being wary of unsolicited emails, unsubscribing from mailing lists, and only passing your email address to trusted parties, can further reduce your risk of attack. Here is a good resource from Kaspersky about protecting your PC from Malware attacks.
Think about BYOD
For startups in particular there are massive benefits of the rising culture of BYOD (Bring Your Own Device), but newer businesses often face a higher level of risk as a result of their unpreparedness to tackle the cyber-security issues which come from personal devices in the workplace.
Some of these risks include:
- Malware making its way into your business network through unsecured devices
- Data / information being improperly protected
- Data / information being leaked through lost / stolen devices
- Non-team members having access to company information through shared personal devices
- Team members retaining access to company information even after employment is over.
- Devices being connected to unsecured outside networks
Simply being aware of some of these issues can help you be more proactive in working towards preventing a security breach through team devices.
For example, simply asking employees to create separate personal / work user accounts on their devices can reduce the security risk significantly. Likewise providing staff with the resources needed to improve protection through antivirus software can help ensure that your team see their personal devices as part of the remit.
Above all else, every start-up should make it a top priority to educate their team about the benefits and risks associated with BYOD. By doing so they will empower the team to take ownership of their devices’ security, and become aware that by engaging in BYOD there are certain steps they need to take.
To help your team you should create BYOD guidelines that apply to all devices connected to the network.
Enforce a security policy
As start-ups grow they tend forget about continually updating their approach to online security - that is until something goes horribly wrong and they are forced to address it. Hopefully the security breach is not so severe that it brings the business to its knees, but you can help to prevent any breach, big or small, by creating and rigorously enforcing a comprehensive security policy. Make sure that everyone who works in the business follows the rules outlined in the policy. Some of the things that you should consider detailing include:
- Application and internet browsing restrictions
- Business-wide password regulations for example diverse character requirements, regular changes and sharing restrictions
- Limited personal use of company devices
- Regular individual maintenance to include things such as updating antivirus software
- Make sure new members of the team are fully versed in the online security risks facing the business and how these can be reduced.
To continue learning about the issues of online security check out the government’s cyber-security resource which is regularly updated with useful information and is also the best way to make sure that you are complying with relevant online security and data protection guidelines.
Eoin O'Hara is a business developer at Startacus.net