Did you know that 91 percent of businesses have reported an increase in cyberattacks during COVID-19? Even before the pandemic, 90 percent of businesses said they saw an increase in cyberattacks, and according to another source, coronavirus-related cyberattacks will continue to rise.
Chances are, your startup will come face-to-face with a cybersecurity threat at some point. Sounds a bit scary, no? It doesn’t have to. You can take steps to take security up a notch and defend your startup against potential threats.
StartupNation exclusive discounts and savings on Dell products and accessories: Learn more here
How to defend your startup against cybersecurity threats
Cybersecurity doesn’t just happen overnight. There are a number of things you must do to beef up your startup’s defense against cybercriminals. Although cybersecurity measures won’t prevent attacks from happening, it will help your business avoid falling victim to them.
Get rid of the “it’ll never happen to me” mentality
Think your startup is safe from cyberattacks? Think again. Cybercriminals don’t just target big corporations: 43 percent of breaches in 2019 involved small businesses.
It’s easy to think “it’ll never happen to me” when you hear about security breaches hitting big companies in the news. But, that doesn’t mean it’s not happening to smaller businesses and startups. It does, even if these breaches aren’t making national headlines as often.
Once you accept that your startup could be targeted by cybersecurity threats, you can take the necessary steps to protect yourself. Understand that common cyber threats come in the form of malware, viruses, ransomware and phishing.
Identify phishing attempts
Sure, phishing isn’t the only type of cybersecurity threat you have to worry about. But, a whopping 91 percent of cyberattacks begin with a targeted phishing email, which is why it deserves to be singled out. So, what exactly is phishing?
Phishing is a type of attack where a fraudster pretends to be someone trustworthy to get your personal information (i.e., taxpayer identification number, account numbers or passwords).
In a phishing attempt, you generally receive an email or text message urging you to click a link, open an attachment, or dial a phone number. A targeted phishing attack, called spear phishing, is an attack that specifically researches and targets you.
So, how do you identify (and thus avoid) phishing attempts? Some telltale signs that you’re the victim of an attempted phishing attack include messages that:
- Say they notice suspicious activity or login attempts
- Come from an unfamiliar email address
- Urge you to take action immediately (i.e., click a link or open an attachment)
- Claim your account or payment method has problems
- Have spelling or grammatical errors
- Require personal or banking information
If you’re unsure about an email, hover over the links to see what they really would route you to—don’t click on them. Phishy links might have a number of random characters and numbers. Or, they might route you to a domain that’s similar to the actual domain of the entity they’re impersonating, but with key differences.
If you’re still unsure, check directly with the person or place contacting you to verify they did in fact sent the message.
Use security best practices
You can also defend your startup against cyberattacks by using security best practices. These best practices require you to put in a little work and spend a little extra money. But by taking the time to set up secure measures and purchase secure systems, you could save your startup a nice chunk of change…
…A nice chunk of change averaging $200,000. That’s how much the average business has to pay when they fall victim to a cyberattack. Further, 60 percent of businesses go out of business within six months of the attack.
Instead of taking chances, take a look at some security best practices to use in your startup:
- Use complex and varied passwords (10 or more characters, at least one number, upper and lower case letters, etc.)
- Use multi-factor authentication
- Set up a firewall
- Install antivirus and anti-malware software
- Encrypt sensitive information
- Don’t use public WiFi unless you have a secure VPN
Train your team
Last but not least, you can’t be the only one using security best practices, identifying phishing attempts and taking cybersecurity seriously. If you have employees, you have to get them on the same page. Train your team on security best practices, teach them to identify phishing attacks and put your security policies in writing so everyone is clear on your expectations.
Conduct regular security training to keep employees updated on new cyberattack techniques and upcoming security best practices. You might consider using a security awareness training system to help you with the process.
Pay attention to trending scams. For example, the IRS releases an annual “Dirty Dozen” list of common tax scams. And with COVID-19, you could receive phishing emails claiming to be from health advisors, like the Centers for Disease Control and Prevention.
Understanding the risks of cybersecurity attacks is just the beginning. Once you acknowledge that nobody is immune, you can take steps to protect your startup from making an expensive security mistake.