Starting a business is hard work and, in terms of your priorities right now, security is probably coming in well below finding the perfect office space, building a strong customer base, and figuring out the perfect level of caffeine to see you through the long days.
But, with businesses big and small falling prey to would-be cyber attackers on a daily basis, you might want to consider bumping it up your list a bit!
The dangers of a breach speak for themselves – from the initial data and monetary losses, to regulatory fines and reputational damage (which is particularly devastating to a new business) – a quick glance at the headlines will leave you in no doubt that a security breach is something that you want to avoid.
Here are five tips to ensure that you are as safe as you can be.
1. You know what they say about assuming…
You really shouldn’t do it. It’s easy to feel like you’re not going to be of interest to attackers, or that you’re under the radar, especially as a smaller business. Sadly, with automated bots crawling for vulnerable systems en masse, and a black market desperate for data, no company is too big or small to be of interest.
So, good news is, you’re interesting! Now let’s make sure you’re interesting because of your unique customer offering and great branding, not because you’re leaving your data open for thievery.
2. Let’s start at the very beginning
Security might seem like an excessive expenditure when you’re starting a company, which means lots of businesses have the ‘I’ll do it tomorrow’ mentality. But it’s actually one of the most important things in those first stages – I literally cannot stress how important it is, or how many businesses fail to get it right. If you invest in any one thing in your early days, invest in security.
If you’re not a start-up but are freaking out a bit right now because you haven’t invested in strong security, it’s never too late, which brings me nicely onto my next point…
3. Check yo’self
Hackers have a pretty bad rep, and while that’s often for good reason, they aren’t all bad eggs. White Hat hackers are on your side. They offer services like vulnerability scans, which are automated checks of your systems for infrastructure, service and configuration weak spots that their ‘Black Hat’ attacker counterparts could exploit, and penetration testing, which is a manual, in-depth look at these issues to try to exploit and patch them.
Research shows that it can be months before most businesses realise they’ve been breached, as attackers lie in wait and quietly take precious data from your system. Having a strong internal monitoring system in place as well as other safeguards is like having an alarm around your house perimeter – it alerts you if anything changes, which is often the first sign of an attacker sneaking in.
4. Two Factors are better than one
Good security practice – like having long, strong, unique passwords – is something that can be applied across both personal and business accounts.
Part of this is staying up-to-date with the best protection methods out there. You can sign up to newsletters to stay informed; for example, we do a monthly security newsletter for our clients with the latest on current breaches and tips for staying safe.
One of these methods is Two Factor Authentication (2FA), which you can enable across accounts and which is now widely believed to be one of the best ways of adding a second level of security to them. It works by asking you to provide your password as well as another method of identification when logging in; this could be a code sent to your mobile phone or something you have on you like a USB key.
5. Educate yourself and your team
Once you’ve signed up to a newsletter, spread the word. Research shows that a worrying percentage of breaches come from employees who are unaware of best security practices. You might know what to watch out for, but educate your team too or there’s very little point.
Here’s a freebie tip – phishing scams are where attackers send an email impersonating a trusted source with the aim of getting users to click on a link that takes them to a malicious website. They’re also some of the top threats for 2016, and they’re getting more sophisticated.
One recent example saw attackers asking lower-level employees to connect on LinkedIn, and using this to appear trustworthy when asking top-level management to connect. They’d then use the info gleaned from LinkedIn to send out emails with lots of accurate info in them, so that they appeared genuine, duping users into clicking on the link.
6. Stronger together
OK we said five tips but everyone loves a bonus point, and it’s definitely one of the most important to remember too.
Protecting your system can be incredibly overwhelming if you’re not security savvy. Employing someone who knows security inside-out, and partnering with a hosting company who has your back, are both crucial too.
UKFast, for example, offer everything from firewalls, which come as standard with their solutions, right up to pen testing, monitoring and security audits. They even have a security arm called Secarma and have another security company, PenTest. Make sure you’re asking about security when you choose a hosting provider.
There are steps you can take to minimise the risk
Unfortunately there’s no way of completely protecting yourself from attack; that’s just life. But there are steps you can take to minimise the risk, such as regular testing and keeping backups on a separate system, and acting quickly and responsibly to minimise the damage if you are breached.
Security doesn’t have to be scary, and with a bit of help and a bit of sense you’ll be able to nail it – good luck!