How to protect your business from the inevitable hack coming its way
A lack of adequate cybersecurity is the critical risk too many businesses fail to take seriously.
Responding to a flurry of emails. Caring for restless children. Cycling through endless Zoom calls. Busting boredom and procrastination. Scanning through dozens of Slack channels. Fretting about the future. It’s just another day in the life of remote working.
With so much going on, one thing that rarely enters our mind is cybersecurity — and that’s where the danger lies. Hacking threats have spiked during the global crisis as security resources are stretched thin, workplace communication is in disarray, and employees feel stressed and isolated. Under these unique circumstances, it’s a matter of when, not if, most businesses confront a cyberattack.
Small businesses are particularly vulnerable with less budget to defend themselves and less financial wherewithal to survive attacks that on average cost $3.9 million. In fact, 60% of businesses fail after suffering a hack. Yet strong cybersecurity doesn’t have to carry an expensive price tag. Instead, founders can lean on a few effective tools and a conscientious culture to get the job done on a start-up budget.
Put your head in the cloud
There’s simply no way to completely eliminate the threat of a hack no matter how much time and money you devote to it. However, one of the dangerous assumptions that many business leaders make is that something not connected to the internet is safe from hackers.
“Your system may not be directly connected to the internet, but devices are coming in and out of that environment that have been connected to the internet,” notes Scott Everett, Co-Founder & CEO of Eigen Innovations, an IIoT solutions provider to factories and manufacturers. “Historically speaking, it’s been people’s laptops or thumb drives that have caused problems.”
Cloud infrastructure is a cost-effective way to put an extra layer between your data and cyber thieves even if an employee’s smartphone or laptop is compromised. What’s more, cloud-based solutions from leading providers like Oracle, Microsoft, Amazon and Google are very diligent about continually updating their security measures. Of course, start-ups will still require a member of their team to check for the latest updates and integrate them once available!
“It’s a changing and dynamic world,” says Everett. “There are always going to be people trying to push the envelope, so your best defence is an offensive strategy of keeping everything up-to-date.”
Keep an eye on your passwords
Speaking of passwords, they are a critical component of any successful cybersecurity program. Yet nearly three-quarters of consumers use the same password for multiple logins and many haven’t changed them in more than five years! It’s not surprising that roughly 40% of those surveyed by TeleSign have had their personal information compromised.
Experts recommend proactive measures such as multi-factor authentication, network segmentation, and regular password refreshing as low-cost ways to mitigate risk. Start-ups should make sure to impose at least some password requirements for devices that will access your network.
“This one should be table stakes for any organization, but it would surprise you how many companies don’t enforce this,” says Cerys Goodall, President & COO at InnerSpace, an indoor location service provider.
It’s important to be particularly mindful of shielding any personally identifiable information of employees or clients — names, emails, imagery, or smartphone information — behind the proper firewalls. This ensures that data won’t be exposed in the event of a breach and your organization’s reputation will remain intact.
Mindfulness of maliciousness
Cybersecurity success rests on everyday employees adhering to protocol and being alert for malicious activity. It’s exceptionally difficult to reverse-engineer a culture of cybersecurity in a large organization, so it’s up to founders to emphasize its importance in the early going and establish norms around good behaviour.
Creating a positive feedback loop around cybersecurity issues is key. When employees are rewarded for reporting threats and double-checking when they aren’t sure if something is safe, they will be encouraged to continue doing so. This drastically reduces risks and keeps IT teams from continually putting out cybersecurity fires.
Though cybersecurity is a collective effort, start-ups will eventually need to add dedicated cybersecurity staff as they grow and their data becomes more enticing to hackers. Cybersecurity expert Michael Graham — who has held senior posts at Google, Box and Zynga — suggests hiring that first advisor once a start-up hits 30 people. This person should be able to identify where the company is currently vulnerable and patch new holes as it grows.
Like everything in the business arena, cybersecurity threats are always evolving and that means protections should too. Regular audits and constant diligence is the only way to insulate businesses from becoming the next hacking statistic. It doesn’t have to be a Herculean effort, just a little attention. Take it seriously — the next attack could be closer than you might think.