{"id":19384,"date":"2022-02-08T19:01:10","date_gmt":"2022-02-08T15:01:10","guid":{"rendered":"https:\/\/me-en.kaspersky.com\/blog\/startup-cybersecurity-mistakes\/19384\/"},"modified":"2022-02-08T19:01:10","modified_gmt":"2022-02-08T15:01:10","slug":"startup-cybersecurity-mistakes","status":"publish","type":"post","link":"https:\/\/me-en.kaspersky.com\/blog\/startup-cybersecurity-mistakes\/19384\/","title":{"rendered":"Typical startup cybersecurity mistakes"},"content":{"rendered":"<p>You can find about a million tips on the Internet on how to keep a startup afloat. Usually advisers draw attention to the issues of business planning, marketing strategy, attracting additional investment and so on, but articles rarely talk about the problem of building a solid cybersecurity system. However, the lack of a clear understanding of threats can cost a startup a potentially successful business. We decided to talk about the most typical cybersecurity mistakes and, more importantly, how to prevent them.<\/p>\n<h2>Source of the problem<\/h2>\n<p>Here is a typical startup story: you and your friend come up with a brilliant idea, you discuss it with your inner circle, you gather a group of enthusiasts, and the dream team is ready. This is how the stories of Airbnb, Pinterest, Twitter, Uber and many other famous projects started.<\/p>\n<p>However, problems arise when a startup moves from an initial idea to building real workflows and hiring additional staff. At this point, the small group of like-minded people expands and becomes a team of random people with different views on life and different life experiences. In such a team, employees may have very different understandings of what information should be considered confidential and how to keep it secure.<\/p>\n<p>Here is an example: one employee decides that it would be convenient to write the password for an online service on a chalkboard \u2014 their thinking is that everyone who needs it can find it quickly and easily. 
Another member of staff posts a selfie in the office on a social network, writing \u201cwho would write something confidential on the chalkboard, where everyone can see it\u201d? This kind of misunderstanding is one of the reasons why young startups can run into cybersecurity issues. The problem can be solved only by developing a corporate cybersecurity culture.<\/p>\n<p>At the same time, people who come to work in startups are often enthusiasts and adventurers \u2013 they quickly fall in love with the idea, and can often quickly change their interests and leave. In addition, quite often modern startups depend on IT specialists who generally tend to move from business to business over the course of several years.<\/p>\n<p>The combination of these two facts can create high employee turnover. In such conditions various mistakes can easily multiply, especially cybersecurity-related ones. Therefore it is easy to overlook a cyberthreat that can easily be avoided.<\/p>\n<h2>Typical cybersecurity mistakes<\/h2>\n<p>Let\u2019s imagine: you hadn\u2019t noticed how your small startup became a fully-fledged business. What cybersecurity mistakes could you have made so far?<\/p>\n<h3>Excessive access rights<\/h3>\n<p>Often when a startup employee needs access to corporate resources or services, he immediately gets administrator rights. The person who shares those access rights usually thinks it\u2019s easier to give access to everything once, without understanding the real needs of a particular employee and his responsibilities, than to get new requests for access every week. But the more access rights an employee has, the greater the chance of an error. If you want to minimize the number of cyberincidents, each workflow participant should have only those access rights that are necessary for their tasks.<\/p>\n<h3>Lack of information storage system rules<\/h3>\n<p>In general, this is bad for any business. 
But in a startup, due to the above-mentioned staff turnover, one day you may simply not be able to find important work files. Most likely they exist somewhere, but where exactly is a mystery. A developer or marketing intern knew about this once, but left the company recently without telling anyone.<\/p>\n<h3>Forgotten passwords<\/h3>\n<p>Another common problem is forgotten passwords for corporate social networks or other rarely used services. Perhaps a new staff member sets up a Facebook or LinkedIn account to help promote the business, but fails to share the account details with other members of staff, then promptly leaves for another role \u2013 the login credentials have gone, with little chance of recovery.<\/p>\n<h3>Shared passwords<\/h3>\n<p>Some people may think that with high turnover it may be a good idea to use shared accounts. But the more people know a password, the more likely it is to leak due to phishing, negligence or malicious intent. In addition, it greatly complicates the investigation of an incident when one happens. Let\u2019s say it turns out that someone has gained access to an account \u2013 the experts suspect that the password was intercepted by malware and want to check the computer of an employee who had access. Only to find that everyone had!<\/p>\n<h3>Passwords in cloud services<\/h3>\n<p>Another password-related mistake is to store passwords in a file in Google Docs, as incorrect setup means it\u2019s usually accessible by anyone with the link. The obvious advantage is that it is very convenient to transfer the necessary information to all employees: it is enough to put all the necessary passwords in one document and send a link. However, such Google documents can be <a href=\"https:\/\/www.kaspersky.com\/blog\/collaboration-solutions\/35740\/\" target=\"_blank\" rel=\"noopener nofollow\">indexed by search engines<\/a>. 
In other words, the file with all your passwords could potentially fall into the wrong hands.<\/p>\n<h3>Lack of two-factor authentication<\/h3>\n<p>Some of the problems associated with passwords would be less dangerous if startups did not neglect <a href=\"https:\/\/www.kaspersky.com\/blog\/what_is_two_factor_authentication\/5036\/\" target=\"_blank\" rel=\"noopener nofollow\">two-factor authentication<\/a> on work accounts. This allows you to protect important data from various theft methods, such as phishing. First of all, two-step protection should be put on all financial services, such as Upwork.<\/p>\n<h2>Universal cyberthreat prevention tips<\/h2>\n<p>To avoid the \u2018typical\u2019 mistakes that many small businesses and startups make, try to follow these tips:<\/p>\n<ul>\n<li>When it comes to granting access to resources or services, you should follow the <a href=\"https:\/\/www.kaspersky.com\/blog\/zero-trust-security\/36423\/\" target=\"_blank\" rel=\"noopener nofollow\">least privilege principle<\/a>. That is, an employee must have the minimum set of access rights \u2014 enough only to perform their tasks.<\/li>\n<li>Know exactly where your startup\u2019s important information is stored, and who has access to it. From this, develop guidelines when hiring new employees, including clearly defining which accounts are needed for each employee, and which ones should be limited to certain roles.<\/li>\n<li>A mature corporate cybersecurity culture helps to prevent many cyberthreats. You can, for example, start with creating a cybersecurity manual for employees so that everyone is on the same page. Here\u2019s a good <a href=\"https:\/\/www.kaspersky.com\/blog\/security-awareness-basic-instruction\/40416\/\" target=\"_blank\" rel=\"noopener nofollow\">example<\/a> for new employees.<\/li>\n<li>All passwords must be stored in a secure password manager. 
It will help your employees not to forget or lose them and also minimize the chance that an outsider will get access to your accounts. Also use two-factor authentication mechanisms wherever possible.<\/li>\n<li>Advise your employees to lock their computer when they walk away from the desk. They should keep in mind that an office can be visited by all kinds of third parties, including couriers, clients, subcontractors or job seekers.<\/li>\n<li>Consider installing <a href=\"https:\/\/me-en.kaspersky.com\/small-business-security\/small-office-security?icid=me-en_kdailyplacehold_acq_ona_smm__onl_b2b_kasperskydaily_wpplaceholder____ksos___\" target=\"_blank\" rel=\"noopener\">antivirus software in order to protect devices<\/a> from viruses, trojans and other malicious programs.<\/li>\n<\/ul>\n<p>A large number of threats can be prevented with <a href=\"https:\/\/me-en.kaspersky.com\/small-business-security\/small-office-security?icid=me-en_kdailyplacehold_acq_ona_smm__onl_b2b_kasperskydaily_wpplaceholder____ksos___\" target=\"_blank\" rel=\"noopener\">Kaspersky Small Office Security<\/a>. 
This solution not only protects your employees\u2019 devices from ransomware and other common cyberthreats, it also includes a password manager.<\/p>\n<input type=\"hidden\" class=\"category_for_banner\" value=\"ksos-generic\">\n","protected":false},"excerpt":{"rendered":"<p>Cybersecurity flaws typical for young companies<\/p>\n","protected":false},"author":2684,"featured_media":19385,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1318,1917],"tags":[2005,187,2087],"class_list":{"0":"post-19384","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-business","8":"category-smb","9":"tag-access-rights","10":"tag-passwords","11":"tag-startups"},"hreflang":[{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/startup-cybersecurity-mistakes\/19384\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/startup-cybersecurity-mistakes\/23887\/"},{"hreflang":"ar","url":"https:\/\/me.kaspersky.com\/blog\/startup-cybersecurity-mistakes\/9749\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/startup-cybersecurity-mistakes\/26135\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/startup-cybersecurity-mistakes\/24097\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/startup-cybersecurity-mistakes\/32357\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/startup-cybersecurity-mistakes\/43559\/"},{"hreflang":"pl","url":"https:\/\/plblog.kaspersky.com\/startup-cybersecurity-mistakes\/15792\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/startup-cybersecurity-mistakes\/24816\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/me-en.kaspersky.com\/blog\/tag\/startups\/","name":"startups"},"_links":{"self":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/19384","targetHints":{"allow":["GET"]}}],"colle
ction":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/2684"}],"replies":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=19384"}],"version-history":[{"count":0,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/19384\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/19385"}],"wp:attachment":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=19384"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=19384"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=19384"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}