Top 7 Cyber Security Tips for Startups
Last year was one of the worst on record for data breaches. Millions of people were affected when hackers gained access to sensitive data via a variety of ruses, including phishing scams, watering hole attacks and stolen employee or contractor credentials.
Thanks to headlines about hacking incidents involving major companies like Sony, Target (News - Alert), Home Depot and eBay, some startup managers might have the mistaken impression that hackers only go after large organizations. But the fact is, data security is a major concern for every company and individual.
Startups typically don’t have a large budget for security, but there are affordable steps they can take to significantly improve their security posture. Here are seven security tips that every startup can use to keep information safer in the workplace:
- Require the use of strong passwords: Passwords are a primary target for hackers, so make using a strong password that contains upper and lowercase letters as well as numbers and symbols a requirement. To make it easier to remember, employees can incorporate symbols and numbers that look like letters, such as “S0ftb@11” instead of “softball.”
- Have employees create unique passwords for each site and change them every 30-60 days: This strategy protects your data in two ways: If one site is hacked, the hackers can’t use the login information to breach data at another site. And if hackers sell the stolen credentials to a third party, the data will stay safe if the password is changed before the sale.
- Require the use of passwords or PINS for mobile phones and tablets: Employees often use personal or company-issued mobile devices to login to secure sites and access databases, and yet many don’t password-protect their devices. Make sure employees do use a password or PIN so that if the device falls into the wrong hands, the information will be harder to access.
- Warn employees about phishing scams: In a phishing scam, hackers pose as a bank or store official and ask for account information or passwords and user IDs via email or phone. They can even create realistic-looking landing pages with a URL that is close to the legitimate organization’s web address. Make sure employees don’t give out information and log in only after entering the URL themselves.
- Ask employees to lock desktops or laptops when left unattended in the office: It only takes seconds for someone to steal login credentials, so make sure employees know to log off and close browsers when leaving their computer unattended, even if they’ll only be away for a few minutes.
- Consider implementing a password management solution: The main obstacle to the use of strong, unique passwords is employees’ tendency to forget them and reluctance to go through the hassles of resetting the password. With secure password management technology, employees only have to remember one master password, and the password manager takes care of the rest.
- Educate employees on cyber security practices: Startup leaders should strongly consider sponsoring an online safety class as part of new hire orientation and existing employee training. It’s also a good idea to provide a cyber security manual referencing best practices and have employees sign an acknowledgement form stating that they understand and will abide by company policies.
Hacking will remain a problem for years to come, and companies must find a way to reduce vulnerabilities if they want to succeed in a competitive economy — that’s especially true for startups. Good cyber security practices are a must, and implementing them doesn’t have to break the bank. By following these seven tips, you can make your data meaningfully safer without a large cash outlay.
About the Author
Edited by Peter Bernstein