Every organization is being forced to recognize that protecting its data is a priority now. Big, established companies have the resources to hire security consultants and support huge IT data teams, but smaller companies and startups are left to fend for themselves. Startups especially are at risk. 63% of startups who make it to their 4th year are still in danger of collapse. One data breach could push them over the edge before they even get that far. Here are six ways that cash-hungry startups are protecting their data.
 |
| Designed by Freepik |
1. Keep IT Involved
IT staff should be informed on how employees interact with company data, particularly which applications are used and where the data is stored. And employees must be made to understand that IT is their go-to resource for all data issues. With an increasing number of mobile devices and remote workers, there are greater security concerns. Employees who feel entitled to sync up their mobile devices with the company's network and personal cloud services could unknowingly introduce viruses or malware leading to a costly data breach.
There has to be a sync-and-share policy in effect so that IT has a transparent view of all data resources and activity. Monitoring and access logs should be in place at all times and reviewed regularly. When a data breach occurs the IT department should be the first people you inform. Immediately open a ticket, message them via Slack, or put the task in your existing case management software so that everyone in the IT department is aware of the security threat.
2. Establish a Data Security Policy
Guidelines for sharing information should be the core of security policies. Cyber criminals may target smaller businesses in the expectation that they don't have the knowledge or resources to address known data issues. It's important to take the time to understand how sensitive data is accessed, stored, and especially how it is passed between applications and users, or users and the Internet.
Experienced hackers know the vulnerabilities of common software systems, and proper security requires that IT also identify these problems and take proactive measures. Reducing vulnerability also means deleting unused data or archiving it to isolated storage.
3. Employee Training
One of the cheapest and most effective measures a startup can take is schooling employees on security practices. This usually involves physically securing devices, strong passwords, least-privileged file access, and identifying and reporting suspicious emails or network problems. Staff must also be trained in what to do and who to report to when suspicious computer activity is identified. There were 781 reported data breaches in 2015, and probably more unreported - or undetected. Helping employees understand the risks of cyber attack and means for preventing it affords an extra layer of protection.
4. Conduct Penetration Testing
According to Blue Coat Systems, penetration testing involves probing your own network systems for weaknesses or a cyber attack. Done with software designed for the purpose, it's another cost-effective means of proactively improving network security. Problems must be identified before they can be fixed. There are a variety of applications out there that can accomplish this. Startups who want to go a step further should look into the high-level analytic solutions offered by security management firms.
5. Outsource Cautiously
Many startups lacking the internal resources choose to contract with 3rd-party IT vendors who can provide consultation and services for a flat fee. Service level agreements and transparent user dashboards can make this an attractive option when other sources of expertise aren't affordable.
The simplest solution is for startups to store data on cloud solutions rather than invest in on-site network hardware and software. Reputable vendors are expected to sustain a high level of data-centric security and can provide access to some cutting edge solutions such as analytics and data virtualization. However, it's important that the startup client verify that the vendor's reputation, technologies, and security measures are reliable and a good fit for the business.
Even on a tight budget startups can't ignore the risks. Practical and effective data protection should be high on the list of all business priorities.