startupnation writes copy 19 Jan 2018
4 Cybersecurity Tips for Your Startup
Cybersecurity received plenty of press in 2017, but look for it to receive even more focus in the coming months. Now is the time to make any necessary changes in regard to how you'll protect your business over the next year.
Examining the present state of cybersecurity
Cybersecurity wasn't a strong point within the startup world over the last 12 months. Here's a short 2017 roundup to show you where we've been and in what direction things are headed:
- It was the year of ransomware; there's little debating that. Ransomware matured and the marketplace for this destructive software has grown by 2,502 percent. Specifically, ransomware sales on the dark web increased from just under $400,000 in 2016 to roughly $6.25 million in 2017.
- In 2017, the average data breach compromised 24,089 individual records and cost businesses $3.62 million. As it currently stands, one out of four businesses will experience a breach at some point in the future.
- By as early as 2020, researchers believe the average data breach will cost $150 million. This increased cost will be the result of a more interconnected business infrastructure. (Think of it like a line of dominoes, where one compromised domino impacts the rest).
- Contrary to popular belief, it's not just massive corporations that get attacked. Approximately 43 percent of cyber attacks focus on startups and small businesses.
If all of these numbers have your head spinning, you aren't the only one. Your startup is operating in a hostile cyber landscape that requires an alert and proactive approach. Understanding where we've been and where we're going can help you set goals and objectives for the future.
Related: How Cyber Hackers Attack: Defense Against the Dark Arts
Four cybersecurity tips for your startup
While cybersecurity surely is not the only thing on your mind right now, it should be an important focus. As you look ahead to the future, here are some cybersecurity tactics you'd do well to implement.
Be smarter with cloud storage
The rise of the cloud has been one of the more exciting and positive developments in the business world over the last five years. Unfortunately, the abundance of positive coverage for the cloud has led many entrepreneurs and business owners to assume that it's totally safe. Since technologists constantly talk about how much safer the cloud is than physical on-premise storage, they don't immediately recognize that there are still inherent risks that come with storing data and files in this format.
'œCloud services like Dropbox and Google Drive take many steps to secure user content; however, hackers are also working hard to find and exploit new vulnerabilities,' Virtru, a leading provider of advanced data protection software, explains. 'œBy adding an extra layer of third party client-side encryption, you can protect against the '˜what-ifs,' ensuring a cloud storage provider vulnerability won't expose your files to the bad guys.'
Is the cloud safe? By and large, the answer is yes. But if you're going to trust all of your business data, files and records with a service like these, you better know what you're doing.
Look beyond SSL
Securing your website is obviously a key step in the process of protecting your business online. While you can find a lot of good advice regarding how to secure your website, be wary of buying an SSL certificate and then stepping away.
SSL is valuable and much needed, but what most people don't understand is that SSL can't protect against application layer attacks. In order to maximize protection of your website from all angles, you should deploy solutions that provide multi-layer protection.
Emphasize stronger passwords
Passwords control the world. It used to be that your keychain was the thing you could most ill afford to lose. Today, it's an online password. For all of the complex methods attackers use to compromise network systems, websites and applications, the preferred method is to simply type in a user ID and password the old-fashioned way.
From a cybersecurity perspective, one of the most practical steps you can take is to require your employees to utilize stronger passwords. This means encouraging the use of more characters and more complex ordering. Instead of 'œmydogspot,' a stronger password would be 'œ#My1dog2spot3#.' If you're unsure of how strong a password is, this handy little tool will answer the question for you.
It's also important that you don't use the same password across multiple websites or applications. If one password becomes compromised, you don't want a hacker having access to all of your other accounts.
Require two-factor authentication
Two-factor authentication, also commonly referred to as multi-factor authentication, is a verification process by which an individual must have two or more elements to access the account being protected.
As security analyst Neil J. Rubenking explains, 'œThere are three generally recognized factors for authentication: something you know (such as a password), something you have (such as a hardware token or cell phone), and something you are (such as your fingerprint). Two-factor means the system is using two of these options.”