You are a target. No matter how small your company, hackers are looking for a way in to your website and customer data. More than half of small companies in the US are targeted by criminal hackers every year.
Hackers’ break-in attempts will never stop, so you need to create a culture of security in your startup. Security must be central to your business because when hackers succeed, 60% of companies fail within six months.
1. Poor Network Security
People are the enemy of security because everyone takes shortcuts and is lazy at times.
Passwords are the first line of defense in any computer network. Employees using the same network password as they use elsewhere is a major cause for concern. Any data breach in the other network also means that the employee’s access password to your secure network is compromised. You can get around this by enforcing monthly password changes.
Employees write down random passwords on paper or on their phones, negating their effectiveness as a security tool. One workaround is to implement letter/number/symbol combinations, but let employees choose passwords that they can remember.
If employees log on to the company network using their own unprotected devices it exposes every connected machine to attack. The best way around this is to provide employees with phones and tablets for work-related use with random inspections to check for games and non-business data.
2. Data Theft
BYOD is a major source of data breaches and you should consider whether the savings are worth the risk.
Many individuals are lax about the security on their phones and tablets which will expose any company data to public scrutiny on the wireless networks those people use.
Then there is the added risk of an employee leaving the phone on a train or other public place, which could lead to a data breach that you might not even be told about for fear of a reprimand. If there is one thing worse than losing your company data, it’s losing it and not knowing your customers’ credit card details and addresses have been lost.
3. Poor Website Security
If you have a WordPress site then install a security plugin such as iThemes Security.
The screenshot above of an iThemes Security installation shows all the free options available in the dashboard. The pro version gives you even more security settings you can change.
A second aspect of web security is theft of your web copy. The Internet is full of webmasters who think it is legal to clone your page or copy your images. These thieves rely on the immense nature of the Internet and know you are unlikely ever to find them.
You can invest in any of a multitude of web scraping tools to continually check the Web for copies of your proprietary images, data, and text. When you find clones, you can issue DMCA take down requests, which will prevent any cloned site from outranking you in Google.
Physical security in the form of an alarm system and locked doors is always going to be an unavoidable expense.
Burglars target buildings that are empty at night or weekends and offices are particularly tempting because of the high-value printers, computers and ancillary equipment they contain.
Losing your $1,000 computer or laser printer is always going to be a financial blow, but if your customer data is stored on that machine, it is a disaster. If your passwords to your website or bank account are stored on the device, or written on a note on the screen, then your troubles are magnified ten-fold.
The best system will alert you to any unusual activity detected by external cameras before any damage is done. You can then inform the police while the criminals are still on-site.
5. Loose Lips
Every company has secrets their opposition would pay for and every employee you take on is an added security risk. Ensure every new hire signs a non-disclosure agreement and have a lawyer draw up a contract that protects you in the event of your employee deciding to leave.
You can reduce the chances of someone talking to the opposition by supporting staff members in their personal development and having a good atmosphere where everyone’s contribution is valued.
If you are not stressing security-awareness in your employees, then your business is headed for disaster because a data breach will destroy you.
You can reduce the chance of a data breach if you have good systems in place, but constant awareness is necessary to thwart the never-ending stream of hacker attacks every business is exposed to.