For startups, user growth, product growth, virality, marketing usually goes on the top of their priority list. As part of product planning cycles, embedding information security into their product/service is the last concern for most startups.
Which is deeply ignored here? Information and data securityEven though, systems engineers, infrastructure engineers or system administrators can perform research on the procedures to apply patches, harden databases, or implement remediation as a result of the industry breaches, they might not take every decision or option from security perspective.
According to last year’s Information Breaches Survey conducted by PwC for the Department of Business Innovation & Skills: 87% of SMEs had a security breach in the last year; and only 9% of small organizations know that outsiders have stolen confidential data.
It is very important that you understand your business threats before you can protect your data. Perform risk assessment and prioritize your data, assign threat levels, assign risk score and evaluate the appropriate controls that you want to protect against.
Most of the startups run their servers and infrastructure hosted in a third party public cloud (such as AWS, Google Cloud, Rackspace etc). With the amount of cloud security breaches happening, it’s important to select the right hosted solution for your organization that cares about customer’s data. And there are these third party email ticketing solutions & other vendors who manages company’s payroll, staffing solutions and the list goes on. Your role as security assessor is critical when startups establishes relationship with these third party vendors.
In an exclusive tweet chat with BWdisrupt and Its readers on Friday, 10th June 2016, Sastry Tumuluri, an IT security professional, gave 10 tips to secure your businesses from data breaches.
Tip 01: Use password managers to create unique, long & complex passwords.
Tip 02: Use 2-Factor-Auth like SMS / G-Authenticator for Twitter, FB, etc.
Tip 03: Invest in security education. “Constant Vigilance!” - For everyone in the company.
Tip 04: Protect your customers. Use HTTPS for your website.
Tip 05: Scan your website for vulnerabilities & fix any problems. There are free / inexpensive services.
Tip 06: Watch your servers like a hawk. Security monitoring is not cheap, but good options are emerging.
Tip 07: Use Ad Blockers like uBlock Origin. They block malvertising and they also speed up browsing.
Tip 08: Watch the links you are clicking. Use bookmarks for frequently used sites.
Tip 09: Take regular backups of your code & data. Store your data securely offsite. Verify it for restoration.
Tip 10: Use a reputed email service; enable their security features like SPF, DKIM & DMARC.
BW Reporters
This is Meghna Shukla. She lives in Delhi. She is an engineering graduate and currently pursuing MBA from Jaypee Business School. She has a work experience of 2 years in content development. She loves to read and write.
