With the development of internet technology, the barriers to entry into business have fallen. The downside is that opportunities for cybercriminals have opened up as well. Their activity has paralyzed the work of large companies around the world, and the same scammers can also endanger smaller businesses.
Startups are often extremely limited in resources and therefore have to be careful about how they allocate funds. While covering the full range of security tasks is an important step in a company’s development, it is not always a step that young projects can take. When investing in security, base the investment on the size of the business and the amount of risk.
What kind of security does a small company need? A startup should strategically focus only on what it specifically needs and follow security guidelines. As the company grows and adds new employees, its focus will change, too.
How can you protect your business from cyber threats?
There are six major threats to small businesses with limited resources. What can you do to protect yourself from these threats?
1. Don’t touch suspicious emails!
Phishing is any attack in which users are tricked into sharing their passwords. A classic phishing technique involves sending users emails that ask for the password to an online bank, a Facebook account, or any other site that is likely to be used as a target.
Phishing emails usually contain a link to a website and instructions that push users to click on the link urgently. When victims click it, they see a fake copy of a known website and a prompt to enter their username and password. What happens in the end? People simply give the attacker their data.
Solution: Multi-factor authentication (MFA).
MFA is an advanced authentication method that controls access to a computer or account by requiring additional confirmation from the owner. MFA is quite effective in blocking phishing because a password alone is no longer enough to hijack a user’s account.
2. Malware prevention
Malware refers to any software designed to gain unauthorized access to a computer’s computing resources or to the information it stores. Attackers usually convince the user to download and run malware. For example, many sites offer “free installations” of Firefox and Chrome. But many of them contain malware bundled with the browser.
Solution: Install antivirus
Malware is one of the oldest threats, existing since the early 1980s. So antivirus is also one of the oldest risk mitigation measures. The main task of an antivirus is to detect malware and block it from downloading.
Antivirus software should be used by all companies in all workplaces as a basic precautionary measure.
3. Protect yourself from a ransomware virus
A ransomware virus is a type of malware built specifically for encrypting and downloading files.
All of the malware protection methods described above are effective in preventing such cases, but there are a number of additional measures.
Solution: Keep offline backups.
Cloud-based solutions do a great job of preserving data from any natural disasters such as fires, earthquakes, and coffee spilled on your computer. But because they are network-linked, if a user’s computer or account is compromised, the attacker will have access to the cloud drives as well.
Corporate cloud services, such as Microsoft OneDrive for Business, save previous versions of files, but only a fixed number of them. Hackers know this and can therefore simply overwrite files to exhaust the version limit and encrypt the information.
The solution to this problem is to keep offline backups, which means placing backups of data in a specific location. The key advantage of an offline backup is that it’s hard to just delete. This protects the backups from encrypting malware that demands a ransom.
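The version-limit exhaustion described above leaves a recognizable trace in a file audit log: the same account saving many new versions of the same file within a short time. The detector below is an added example, not part of the original article; the event format, the limit of 5 versions and the 10-minute window are assumptions, and the log entries are constructed.

```python
from collections import defaultdict, deque

VERSION_LIMIT = 5      # assumed retention limit; use your provider's real setting
WINDOW_SECONDS = 600   # assumed detection window

def exhausted_files(events, limit=VERSION_LIMIT, window=WINDOW_SECONDS):
    """Return {user: [paths]} where one account saved at least `limit`
    new versions of the same file within `window` seconds, i.e. enough
    overwrites to push every earlier version out of the history."""
    recent = defaultdict(deque)   # (user, path) -> timestamps inside window
    flagged = defaultdict(set)
    for ts, user, path in sorted(events):
        stamps = recent[(user, path)]
        stamps.append(ts)
        while ts - stamps[0] > window:   # drop writes older than the window
            stamps.popleft()
        if len(stamps) >= limit:
            flagged[user].add(path)
    return {user: sorted(paths) for user, paths in flagged.items()}

# Constructed audit events: (unix_time, account, file_path).
EVENTS = [(t, "alice", "/docs/report.docx") for t in (0, 30000, 60000)]
EVENTS += [
    (1000 + 10 * i, "bob", path)
    for i in range(5)
    for path in ("/finance/ledger.xlsx", "/hr/payroll.xlsx")
]

if __name__ == "__main__":
    for user, paths in exhausted_files(EVENTS).items():
        print(f"ALERT {user}: version history exhausted for {paths}")
```

An alert like this is a cue to suspend the account's sync and restore from the offline copy, since the cloud version history can no longer be trusted for those files.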
4. Protect yourself from 0day
0day (zero-day vulnerability) is a term for unpatched vulnerabilities and malware against which no protection mechanisms have yet been developed. In other words, the vulnerability or attack becomes publicly known before the software vendor issues a fix for the bug. This means that the vulnerability can potentially be exploited on working copies of the application with no way to protect against it.
Solution: Update software.
The easiest way to protect yourself is to install software updates, especially since most software vendors are quite careful about sending updates to their users.
5. Don’t do everything on corporate resources
Mail servers and websites are favorite targets for attackers. By accessing them, hackers can change content, launch spam campaigns from the mail server, and perform other business-destructive activities.
Solution: Use the cloud.
The best recommendation, in this case, is to use cloud services such as Azure, AWS, etc. Cloud security is not perfect, of course, but if early-stage security of web servers is not crucial to the business, the options offered by major cloud vendors will probably suffice. In any case, try to delegate this area of business to third parties.
6. Be prepared for lost or stolen devices
Startups usually have a few employees who prefer to take work home. This means they either take work laptops home or access work servers from home via laptops and phones. Sooner or later, someone loses a computer or has it stolen. And whoever steals it gets not only an expensive device, but also access to company data.
Solution: Enable protection on mobile devices.
To protect corporate data if a device is stolen, corporate services should impose at least minimal requirements on those who try to access them. For example, Microsoft Exchange may require that all phones and PCs accessing the server meet minimum requirements. Minimum precautions should include:
- PIN/Password. The device should require a PIN (for phones) or password (for laptops) to unlock.
- Device encryption. The device must be encrypted so that the disk cannot be read. Many modern operating systems encrypt the file storage by default.
- Modern operating systems. No phones from five years ago and no Windows XP.
Security is probably not the goal of your startup, but security is essential for every startup.
Originally published Oct. 18, 2021.