How to Enhance Cybersecurity While Working in a Startup – Alex Mitchell

There is a growing—and alarming—trend where small businesses and startups don’t consider cybersecurity as a priority. They’re complacent, thinking they’re new and not important, so hackers won’t bother with them.

This is completely false reasoning, not to mention being far from the truth. Hackers often hack for the sake of hacking, so the size and importance of your enterprise are irrelevant. The age of
your enterprise is of no meaning as well.

Here’s a perfect example. This actually happened to a new startup named Ola. This account is published in Medium by someone who uses the name @CodetheDevil. One night while booking a cab from Ola Cabs this hacker realized he was seeing API calls going from his phone. At the time of booking a cab he had been monitoring his phone traffic via a proxy server, and this enabled him to see the API calls. That was all it took for him to get started, and he was soon able to break into their money transaction system and recharge his wallet with any amount he wanted. I won’t go into all the details of how he orchestrated this, but clearly, he managed this because Ola’s security was weak.

Don’t be an Ola. Whatever amount of backing you have, don’t launch a service or app that isn’t 100 percent secure because someone somewhere will take advantage of it.

How to Protect Your Data

If you are a new startup or small business, or even if you’re a significantly sized business, there are several ways you can protect your data. There are methods you can implement to keep both you and your company’s information safe as well as the information of your visitors and clients.

Use a VPN. I’ll lead with this one since it’s one of the most sensible, and easiest ways you can set up a layer of security to protect your data. A VPN will encrypt your data from endpoint to endpoint, and if you’re using a business grade VPN, it will do more than encrypt it once. Ultimately, your data will be encrypted three times.

A VPN will also give you the ability to move about the web anonymously, and should you have remote workers or employees who travel, it will also give you protection when they are away from the security of your own private network.

Your employees are often the weak link because they are not fully aware of how vulnerable the system can be. So it’s imperative for startups and small businesses to take the time to educate their employees in security principles. They should know what a real email looks like and be able to detect a phishing attempt. It should be mandated that they follow best practices and policies in terms of their Internet usage and password creation. And if you’ve provided each user and each device with a VPN service, you can also teach them that they should never log into an unprotected or public Wi-Fi network without first logging into their VPN.

Establish an Incident Reporting Practice. Let every employee know there is a proper procedure in place so that any attacks or incidents are immediately reported to the security team. This will ensure that all measures can be taken to prevent any kind of security breach.

Keep Your Data on a Need to Know Basis. It’s highly unlikely that every employee in the organization needs to have access to all data. So access to information should be limited. Also, employees should be restricted from installing or uninstalling any type of software without proper permission.

The above shouldn’t be restricted to desktops and laptops within the organization. Any company that also provides mobile devices should also have a plan in place that limits downloads to apps that are approved by the company, and general security rules should be followed. In the event where employees are using their own mobile device for work-related issues, there should be rules in place, making it necessary for them to encrypt their data. Avoiding access to public Wi-Fi is also an issue, however, the VPN mentioned above will provide security in terms of both encryption and public Wi-Fi. Finally, It’s also imperative to have security apps installed on their phones and that they always use strong passwords.

Backup Sensitive Data. This is something every organization should be doing regardless, but from a security point of view, it’s always a good idea to have a backup if there is ever a ransomware attack.

Whatever size organization you’re working in, whether it’s a startup or international Corporation, it’s time for all of us to be aware of the need for cybersecurity.