How to tackle cyber security as a startup
Cyber security and cyber-crime are growing issues for businesses of all shapes and sizes.
During 2021, ransomware attacks grew by 100% and about a third of organisations were victim to some form of attack. According to Accenture, 43% of cyber-attacks are aimed at SMEs – but only 14% say that they are actively prepared to defend themselves. Cyber-attacks come with a hefty price tag, too. The insurance company Hiscox estimates the average cost impact of a cyber-attack is $200,000, with 60% of smaller companies targeted going out of business within six months of an attack.
In the face of these growing cyber security concerns at a time when businesses are working harder than ever to mitigate risk, startup business owners and managers need to take action to protect their business, if they haven’t already.
As Chief Technology Officer at Miss Group, a global web hosting business which works with more than a million small and medium enterprises around the world, I’ve experienced many issues that are unique to SMEs and startup businesses when it comes to managing cyber security.
It’s important to note that cyber-crime comes in many forms, including ransomware, phishing, data theft (financial, personal and/or intellectual property) and stopping business operations (DDOS). Each of these requires a different protective approach and should be considered thoroughly.
Unfortunately, many small businesses and startups underestimate the complexity of protective requirements and therefore find themselves under protected.
Budgets are also a concern as very few startups have large tech budgets to enable bespoke cyber defences. But at the same time, startups cannot withstand the financial interruption that a cyber-attack would cause, so protection cannot be overlooked.
At Miss Group, we build protection into the digital services and experiences we provide our customers and employees – either through security built into the fabric of the data centre and network infrastructure we manage, or by providing add-on services that allow customers to build a more bespoke, cost-effective option that’s appropriate for the company’s needs.
Robust cyber security needs more than the simple deployment of software. Hackers can also attack through weaknesses in operational processes and communication channels, such as e-mail, instant messaging platforms and smartphone apps. Businesses must invest time in understanding what risks they face and, therefore, which protective products they need.
At Miss Group, we recommend a five-step approach to assessing and improving cyber defences – and we use this approach for our own security, too. In fact, this approach is one that’s recommended by NIST Cyber Security Framework in evaluating cybersecurity risks.
If you aren’t sure how to tackle your own business’ cyber security, here are the five key areas we recommend focusing on to get started:
- Identify – Identify the main business and commercial cyber security risks your organisation faces, prioritise the ones which have the greatest impact on critical business activity and determine where and when these Cyber Business Risks may occur.
- Protect – Implement a series of protection solutions, such as passwords, SSL certificates and Virtual Private Networks to restrict or prevent a potential attack. This can also include penetration testing of your systems to spot areas of weakness.
- Detect – Implement activities that enable you to identify if a cybersecurity attack is happening, such as anti-malware or virus solutions and electronic detection of unexpected probing or usual transactions.
- Respond – Use software and processes to respond rapidly to any attack, limiting its impact and preventing/reducing further damage.
- Recover – If hackers have been successful in breaching your systems, typically they will encrypt or steal data, plus cause havoc by critically damaging your IT systems. Businesses need to ensure they have adequate backup and restore capabilities to enable them to rapidly rebuild systems and restore their business operations.
Cyber security is not a simple task to ticking actions off a list – it requires an ongoing approach with a dedicated person or team responsible for making sure your cyber investments are focused on your major business risks and keeping the company safe. For startups, where only be a few people typically run the day-to-day business, outsourcing is a great way to tackle this. Your hosting provider is often a good place to start.