Code on device

Founders’ Reading List: 5 Security Gaps in Startups

Let’s establish one thing right away: startups are nearly as vulnerable to security breaches as Fortune 500 companies. However, big businesses can survive data breaches. Small businesses, like startups, have a harder time doing so. In 2017, 61% of cyber attack victims were businesses with under 1,000 people (.pdf warning). Because these attacks are costly, it’s estimated that 60% of small businesses who have suffered a cyber attack will go out of business within six months.

So what’s a startup to do with these sobering statistics?

Fully Consider Your Specific Threats

Long before you see launch day, every startup needs to do a security risk assessment and regular gap analyses. This is an all-hands-on-deck situation, and ideally those hands include your lawyer and a security engineer. Startups who screw up their security risk assessment by either not giving it their full attention or not doing it until after they’ve launched are startups more likely to fail.

Involve Security In IT Strategy

When you’re considering things like dedicated web hosting versus managed web hosting, security needs to be part of the equation. There are plenty of financial and strategic reasons to choose one or the other, but security needs to be involved in the decision so resources can be deployed properly.

Don’t Invest in the Wrong Security Tools

There are lots of excellent security tools out there. Many are startup friendly. Some are even free. You may want packet sniffers, network intrusion detectors, penetration testers, debuggers . . . you get the idea. However, with a low burn rate being very important to startups, it’s important to invest your security budget in the right tools.

This goes back to your security risk assessment. The priorities that assessment identified should be reflected in the security budget.

Don’t Ignore the Basics

Strong passwords. Two-factor authentication. Training against phishing attacks. You’ve seen these topics written about to death. But guess what? Security basics are where most startups go wrong. Only a quarter of workers are using two-factor authentication, which should be a standard practice. Moreover, nearly everyone gets phishing emails and three quarters of businesses suffered from phishing attacks last year. Good security starts with the basics.

Consider Professional Cybersecurity

Your startup may not have the expertise to manage cybersecurity. Or it may not have the time. Or your security needs may be relatively minimal, even though you still value good security. In that case, it may be smart to hire a cybersecurity firm, expert, or managed hosting provider to assess your needs and help you out.

Remember, the cost of hiring cybersecurity starts in the low thousands. The cost of a cybersecurity breach to a small-midsize business averages $46,000 and can grow to consume the whole company. Contact iWeb today to learn more about protecting your data and business.