What start-ups need to know about enforcing a cyber security strategy
You can’t guarantee lasting protection, but a strong cyber security culture, employee training, and awareness of data privacy can certainly help
The news on the global state of cyber security has not been great lately.
From devastating malware attacks like WannaCry and Petya last year to the latest, KRACK, which makes practically every Wi-Fi network vulnerable to hackers, the business world has been made painfully aware of the importance of cyber security.
The good news is that as a founder of a start-up, you are essentially starting from zero – so it's much easier to incorporate a security-orientated approach in your way of conducting business.
So, what steps can an entrepreneur take to enforce a sound cyber security strategy from day one?
A strong corporate cyber security culture
The first and foremost step is to make sure that emphasis on cyber security is tightly integrated into both your planning and implementation phases. Start-ups usually employ few people and offer an intimate working environment – therefore, they provide management with a great opportunity to ensure a company culture of high awareness and focus on security.
Make sure that you instil that sense of importance in your employees and come up with a dedicated process for risk assessment and mitigation that the start-up will need to implement in its working cycle. No matter how much training your employees receive, there is nothing that sends the message more strongly than a firm stance by management on the issue.
Invest in employee training
That being said, employee training is extremely important – it is not enough that you have the right people on your IT team; all employees must be sufficiently aware of the cyber security risks that might be relevant to your company and know how to avoid them as well as how to respond in case of an incident.
If you think that as a start-up you are pretty much on the safe side of things, as hackers have bigger fish to fry, you might want to reconsider: a 2016 study by the Ponemon Institute revealed that 55% of small and medium-sized companies had experienced a hacker attack in the last year, while 50% reported a data breach incident.
Although one-third of them could not identify the cause of the attack, they identified careless employees and external contractors as the most common cause of data breaches – which only serves to illuminate how important it is to have tech-savvy and educated employees on board.
Place emphasis on data privacy
Data breaches are one of the most important cyber security threats that you will have to deal with, and unless your field of activities directly relates to personal data, you might not yet have fully realised just how much data you are going to handle as a start-up: from info on your clients and suppliers, to data related to your products and services, to personal details of your employees.
This is why implementing a comprehensive data privacy framework is key. Make sure that you correctly identify and classify personal data, so that you can provide extra security for sensitive data collected, and analyse the pertinent compliance requirements under relevant legislation.
Conducting a privacy impact assessment (PIA) will also allow you to correctly identify the security measures you have installed as well as your vulnerabilities to data breaches and respond accordingly.
Implementing a thorough cyber security policy might seem daunting, but if you do things properly right from the start, you can gain a significant advantage over attackers and have less to worry about in the future.