When your business is in the startup phase, protecting data can pose a real challenge. To begin with, you may not have even thought about which of your company’s data sets are vulnerable; often the whole concept of security only emerges as a business gets underway. Also, startups are typically short of cash, and security spending may be hard to justify to your partners - especially since you probably don’t have a designated security specialist on your payroll yet. However, cyber criminals are ready to exploit the tendency for startups to have weak security safeguards. It’s worth keeping in mind that the cost of a data breach averages $188 per record, and the number of records compromised in an average breach is 23,647 according to a benchmark 2013 study by Ponemon Institute. If you do the math, that means an AVERAGE sized data breach costs $4.4 million – and many breaches are actually much larger than that.
1. Set up a formal security plan
Chart out who in your company has access to which data, and create a policy to govern this access. If personnel are using their own laptops or mobile devices, ensure that the devices themselves are protected by long, strong passwords and institute a schedule for changing these passwords. As your business grows, monitor compliance with your plan and make sure that it continues to evolve as needed. The FCC has published a “Small Biz Cyber Planner” that can be a big help in developing your plan.
2. Initiate training right from the beginning
As you bring new employees on board, it’s the perfect time to give them a round of security awareness training. Undoubtedly it won’t be an entirely new concept to them, but the goal of your training program should be that everyone in the company is adhering to the same policy. You don’t have to go to the trouble and expense of creating your own training material from scratch: there are a number of well-made videos and slide-share presentations available on all aspects of security.
3. Keep business correspondence safe
Many of the risks to businesses come about as a result of viruses, spyware and malware contained in emails. Review the characteristics of spam with all personnel, and institute a company-wide policy for deleting any questionable emails without clicking on any links. Purchase and put in place the latest security software and make sure your operating systems are set to automatically upgrade. The National Cyber Security Alliance, a watchdog group, gives many details about best practices for keeping business correspondence safe. SecureDocs also presented an informative webinar on understanding and protecting against advanced malware.
4. Plan security for mobile devices
Mobile devices are part of almost every company’s network, and they are easily stolen little portals into your corporate data and your entire business’s operational information. Most smartphones and tablets aren’t constructed with critical data security in mind, although the iPhone 5S fingerprint reader is a big step forward in that direction. Make sure to include all of your mobile devices in the security plant that you develop for your startup.
5. Take extra precautions for your sensitive data
A basic security principle states that the fewer copies of vulnerable information there are, the safer that information is. This can prove tricky when several employees need access to sensitive information. Rather than constantly trying to safeguard critical records that are spread across multiple devices, consider the utility of using a virtual data room. By restricting the type of access employees have to your most crucial data and storing it in a highly secure physical and digital location, you make use of professional expertise in stopping cyber-crime. There will still be important training that you need to give all personnel, but you will feel more confident knowing that your company’s security doesn’t depend solely on every employee remembering to follow protocol.