Building a startup? As a founder, you probably have a never-ending list of things to do and set up — and cybersecurity should be one of them. By putting cybersecurity measures in place now, you’ll protect your business from malware, and send a message to hackers that you’re not an easy target despite your small size. To start, work through these 5 cybersecurity best practices for growing businesses.
#1 Monitor each app and data
With startups, a big part of the behind-the-scenes work is figuring out which apps and systems your company is going to use, and the parameters you’re going to set around data.
Once you’ve settled on the apps (think Zoom, Slack or Dropbox) and data handling principles, communicate these to your employees. But your startup cybersecurity work doesn’t stop there: it’s important to keep tabs on the apps and any data breaches they are dealing with that may leave your company vulnerable. The same goes for data. Make sure that access is limited to the people who need that information to do their job, and back up your data regularly in two places: the cloud and an external hard drive.
#2 Create strong passwords supported by MFA
Ideally, your employees should have a unique, complex password for every account they use during their workday, including email, collaboration systems and the intranet. Many people reuse and recycle passwords, which might make your employees’ lives easier but also increases the chance of a cyber attack. If a cybercriminal manages to guess one password, they could gain access to multiple accounts — and the sensitive information contained within them.
One of the best cybersecurity tips for startups is to guide your team to create passwords with at least 12 characters and a mix of uppercase and lowercase letters, numbers and symbols. They should avoid using any personally identifiable information, and aim for sentences or phrases over single words as they’re easier to crack.
Along with teaching your team about password hygiene, it’s a good idea to implement multi-factor authentication (MFA) across key business accounts. With MFA, your employees will need to enter their username, password and one more piece of additional information — usually, a code sent to their phone or email — before they can log in.
Top tip: As your company grows, consider investing in a password manager to store, organise and encrypt passwords so your staff doesn’t need to memorise them. The best password managers can also generate strong passwords for you, and notify you if any of your passwords have been involved in a breach.
#3 Put effective group policies into place
To avoid compromising your startup’s security, it’s worth setting rules about what employees can and cannot do. If you have team members working from home, it’s worth asking them to:
- Connect to a Virtual Private Network (VPN) before logging on to your company’s intranet and internal programs like Slack, Zoom and Gmail. VPNs encrypt data and hide your IP address, protecting your employees’ privacy and anonymity online and securing their internet connection.
- Encrypt their WiFi network. To do this, they can go to their router’s console settings and choose WiFi-Protected Access 2 (aka WPA2) for their network and AES for the algorithm. These settings secure the data your employees send and receive so it can only be read by their own devices.
- Enable their router’s firewall. Most routers have a built-in firewall that monitors traffic entering and exiting your network and prevents unauthorised users from gaining access. If an employee discovers their router doesn’t have this feature, you might want to look into buying them a separate firewall to protect their WiFi connection — and all the company data they access online.
Along with implementing group policies, set up employee training on cybersecurity. Often, human error is the cause of data breaches — for example, someone might accidentally open a phishing email and download malware onto their company computer.
In the training, focus on the basics, like how to spot a suspicious email and why it’s crucial to accept all software updates as they pop up.
#4 Use reliable endpoint protection software
Even at the startup stage, you probably have employees communicating with each other via wireless devices, like laptops. Enter: Endpoint protection software. This type of software protects small businesses against cyber threats as devices “talk” to each other. It’s one way to keep your startup safe.
ESET Protect Complete offers endpoint protection, as well as a multilayered defence against a range of cyber threats often targeted at businesses, like malware, ransomware and identity theft. It secures WiFi networks and webcams, which is important if your team is using video conferencing software for meetings. The software also safeguards cloud email, collaboration and storage systems (like Google Drive), and it has a remote management feature to make it easier for you to manage your company’s cybersecurity, even if you have employees working from home.
In the perfect world, your employees would have a work computer that they’d use solely for work purposes, and a personal device for everything else. But there are many reasons why this might not be a reality. Maybe you’re not ready to invest in new devices yet, or maybe your employees are running personal searches, online shopping or checking social media on their company devices while they’re working remotely. Endpoint protection software can be installed on both work and personal devices for peace of mind.
#5 Rely on local hard disk encryption
All of your company and customer data should be end-to-end encrypted. Most computers and smartphones have operating systems that fully encrypt your data to prevent unauthorised access, so stay on top of those software updates to make sure your hard disk’s encryption is airtight.
Part of ESET Protect Complete, ESET’s Endpoint Encryption seamlessly encrypts your data and protects your company and its clients from data breaches, which can be devastating.
Secure your startup against malware now
Running a startup is as exciting as it is challenging. There are so many things you can do in terms of cybersecurity, but these non-negotiables will put your company in the best possible position. Sign up for ESET’s free training: cybersecurity tips for small businesses.
