7 things startups need to know about cybersecurity
by Kishan Cv CEO Helping organizations effectively use cloud,It’s hard to imagine any business that doesn’t use any form of technology these days. The problem is, any computing infrastructure or equipment
can be exposed to various methods of cyberattacks. Just last May, the
WannaCry ransomware affected more than 10,000 organizations of all sizes
in more than 150 countries. The attack caused stoppages in critical
services and operations such as the UK’s National Health Service and
several of Renault’s automotive manufacturing plants. Last year, one
billion Yahoo users saw their accounts hacked, costing the company
dearly.
While these reported ones were about large organizations,
there were many anecdotal accounts of SMEs getting hit by the attack.
Many of these smaller organizations are running on older systems and
have little to no protection. Startups often get tied up with the more
pressing parts of the business such as sales and operations that most
often overlook security as part of your agenda. Here are 7 things
entrepreneurs need to know about cybersecurity.
1. No such thing as too small
You
may think that cybercriminals only target high profile organizations
like the incidences we often hear and read about on the news. However, a
Ponemon Institute study reports that 55 percent of SMEs experienced
some form of cyberattack. If your business uses any computing device or
the internet or has a digital presence such as a website or cloud
accounts, then you are at risk of cyberattacks. Most attacks are now
carried out by automated malicious software and scripts that seek out
vulnerable computers and networks regardless of the size and nature of
the organization.
According to cloud security provider Indusface,
SMEs, which are more at-risk due to their limited experience with
cybersecurity measures, are required to deal with today’s complex
threats. Most small businesses have no dedicated IT staff that focuses
on such things. This is why it’s important for startups to make security
a shared responsibility across all members.
2. Threat 1: Data breaches
There
are several common cyberattacks that you should be aware of. The first
one is data breach. This is when cyber criminals seek to steal your
company’s data by gaining access to your databases. Personal and
financial information are sold on the black market for use in identity
theft and fraud. Startups who have websites or apps that gather customer
information such as ecommerce, online support, or CRM are prime targets
for such attacks.
You may think that large organizations that
have experienced data breaches such as Sony, Dropbox and LinkedIn
survived the data breach fallout so you shouldn’t worry too much about
such attacks. However, these major companies have resources and
longstanding relationships to weather such issues. Startups don’t fare
too well dealing with loss of customer trust and stained reputations.
According to the U.S. National Cyber Security Alliance, 60 percent of
small businesses fail within six months after suffering from such
attacks.
3. Threat 2: Ransomware and malware
Security
company Kaspersky identifies ransomware among the top cybersecurity
threats to businesses today. Ransomware are a specific type of malware
(malicious software) that infect computers (including mobile devices)
over a vulnerable network. The ransomware encrypts files on the
compromised computer. Users won’t be able to access the files unless
they get a decryption key by paying ransom to the attackers. Even with
paying the ransom, there’s no assurance that attackers will actually
honor your payment.
Most ransomware attackers demand between $500
to $1,000 in exchange for your files. Some ransomware such as Jaff
demand as much as $4,000. Ransom payments are often in cryptocurrencies
like Bitcoin due to the anonymity these methods offer. The major impact
to businesses isn’t exactly the ransom but the disruption to the
business. Getting locked out of all your work files can halt your
operations indefinitely.
4. Threat 3: DDoS attacks
Distributed
denial-of-service attacks (DDoS) render your website or server
inaccessible by overwhelming your network with traffic. An hour of
downtime from a DDoS attack can cost up to $20,000 for a third of
companies. For high transaction websites such as ecommerce services,
this figure can be upwards $100,000 for every hour.
Small
businesses are often left to weather the downtime and absorb lost sales
and productivity. Even if not directly targeted, SMEs could still be
affected by DDoS attacks on larger infrastructure providers. Last year,
thousands of sites and services went down after a massive DDoS attack
hit DNS provider Dyn.
5. People are often the weakest link
People
are often the weakest link in a security chain. A BakerHostetler report
found that most security breaches are caused by human lapses. Many
systems are left vulnerable to data breaches and ransomware attacks
through phishing where people are tricked into clicking on links and
installing malware.
Some can even bring these threats into your
infrastructure by carelessly plugging in their own phones, notebooks,
and storage devices to your network and computers. Educating yourself
and your staff on the best day-to-day security practices would be a
worthwhile investment to prevent attacks caused by human error. Have
security policies in place that would govern how you and your staff
should be using your IT resources.
6. Access control counts
Know
to whom you’re giving infrastructure access. As a startup, you may be
unnecessarily handing out critical infrastructure access to just about
anyone like that freelancer you hired to build and maintain your page
may still have access to your servers or the guy you let go last week
may still have the passcode to void transactions on your POS system.
Today,
most administration tools and services allow you to set user roles with
corresponding levels of access so that you can control who gets to do
what on your infrastructure. Encourage people to use strong passwords
and protect them at all times. Revoke access of anyone not working for
your company as soon as they go. Cover yourself legally as well by
putting in nondisclosure clauses to prevent them from leaking passwords
on agreements with people you involve in the business.
7. Invest on security
As
a startup, you may be averse to take on added expenses. However,
cybersecurity is just one of the IT investments you have to make.
Besides, there are cost-effective anti-malware and security software
that you can use for your office computers.
In addition,
security-as-a-service is now a thing which means you don’t have to make
heavy upfront investments on security applications and appliances to
protect your network. Instead, you can subscribe to scalable security
services such as web application firewalls and DDoS mitigation services
for your online infrastructure and applications.
Startup cyber security is just among the many realities IT
professionals must focus on. Know the risks and put up programs in place
that would help you avoid getting hit by cyberattacks down the line.
This
Article Source is From :
http://www.cio.com/article/3201744/data-protection/7-things-startups-need-to-know-about-cybersecurity.html
Sponsor Ads
Created on Dec 31st 1969 18:00. Viewed 0 times.