Author Jose-Miguel Maldonado
A common misconception is that security is something that you can worry about later when you’re a bigger company. After all, you have other more important things to worry about. Working at a startup or small business, there is always a staggering list of items that are categorized as critical for operations, but (unfortunately) cybersecurity is rarely placed on this list.
Another common misconception is that security is too expensive. However, integrating elements of cybersecurity from the beginning is not only less expensive, it also makes it easier to maintain that security culture within your company long term. Your investors and customers will thank you!
Here are 5 practical, low-cost tools and best practices that you can implement in your startup or small business which will make a huge difference in your cybersecurity posture:
1. Enterprise Password Manager — Implement one for your whole team for nominal fees and it will more than prove its worth in the first year. By implementing a password manager system (managed and controlled by your IT team), you protect the credentials used for cloud accounts and backend systems. Good password managers also provide visibility into your startup’s users, showing which folks exercise poor password practices (e.g. password reuse, weak passwords). Additionally, you can leverage Single Sign-On (SSO) to simplify the onboarding/offboarding process and to secure login procedures.
2. Fostering a Cyber Security Culture — By making cybersecurity a part of your culture from the start, and making it everyone’s responsibility, you are setting your company up for success in the way that each employee does their job and the way that your infrastructure and services are set up. Create cheat sheets on ways employees can exercise “strong cyber hygiene” and regularly test adherence to these practices:
   - How to create strong passwords
   - How you can add MFA to your online accounts (https://twofactorauth.org/)
   - Send out phishing quizzes to all employees (new and old) to help educate them on ways to identify phishing e-mails (https://www.opendns.com/phishing-quiz/)
   - Educate users on what social engineering is (https://www.youtube.com/watch?v=lc7scxvKQOo)
3. Check Each Other’s Work — It is true that we have a blind spot when it comes to our own creations or things we work on. Because of this, it is important that you have someone else check your work, specifically for any server/backend configurations. The last thing you want is to have egg on your face because a server was misconfigured and data was exposed.
4. Embrace Mobile Device Management (MDM) — Protecting devices that connect to your company’s network is absolutely mission critical. MDM “on the cheap” is viable with built-in tools such as the MDM capabilities in Office 365 and the MDM offerings within G Suite. The more you protect your data and the devices that connect to your network, the fewer potential attack vectors you leave open.
About the author: Jose-Miguel Maldonado is the VP of Business Ops & Security at Rubica, a cybersecurity startup, and has acquired a reputation for creating cybersecurity champions out of non-technical people.