Tips for startups wanting to protect their data

Data is the lifeblood of any business. Critical to organisations of all sizes and sectors, it powers growth, enabling business leaders to make decisions based on insight and evidence. But when businesses are in startup mode, protecting data can fall to the bottom of their “to-do” list. Here are five simple tips that will give you the peace of mind that comes with knowing your data is backed up securely.

1. Use automated cloud-based backups

Having files automatically backed up to the web is extremely easy these days and provides the highest level of confidence and redundancy. With the Backblaze tool you don’t need to worry about a physical component on the network or about determining which files are valuable enough to back up - it simply copies every file on the hard disk to a secure, remote location. Its web UI allows you to recover lost files, and if the worst happens they'll even mail you a mirror of your disk on a physical drive.

2. Don't commit sensitive tokens to code repositories

Once you commit API keys and certificates to a code repository, it's often a pain to put right - issuing new keys and certificates and updating environments and client apps all take up valuable time. It's better to invest the time up front: load such tokens from environment variables or a similar mechanism, and put an automated check in place to ensure they are never merged.
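One way to build the automated check described above, as an added example that is not part of the original article: a scanner run over `git diff` output in a pre-commit hook or CI job. The patterns, the entropy threshold and the sample diff are assumptions constructed for illustration.

```python
import math
import re

# Illustrative patterns (assumptions), not an exhaustive rule set.
PEM_HEADER = re.compile(r"-----BEGIN (?:[A-Z]+ )*PRIVATE KEY-----")
ASSIGNMENT = re.compile(
    r"(?i)\b([\w.-]*(?:api[_-]?key|secret|token|password)[\w.-]*)\s*[:=]\s*[\"']([^\"']{16,})[\"']")

# Constructed sample diff; the key value is made up for this example.
SAMPLE_DIFF = '''\
--- a/app/settings.py
+++ b/app/settings.py
@@ -1,2 +1,4 @@
 import os
+PAYMENTS_API_KEY = os.environ["PAYMENTS_API_KEY"]
+STORAGE_API_KEY = "k3Jx9QmZ2vLp8RtY5wNb7HcD"
 ALLOWED_HOSTS = []
--- /dev/null
+++ b/deploy/server.pem
@@ -0,0 +1 @@
+-----BEGIN RSA PRIVATE KEY-----
'''


def shannon_entropy(value):
    """Bits per character; random keys score higher than words or paths."""
    counts = {ch: value.count(ch) for ch in set(value)}
    return -sum(n / len(value) * math.log2(n / len(value)) for n in counts.values())


def scan_diff(diff_text, min_entropy=3.5):
    """Return (path, line_no, reason) for each suspicious line the diff adds."""
    findings, path, line_no = [], None, 0
    for line in diff_text.splitlines():
        if line.startswith("+++ "):
            path = line[4:].removeprefix("b/")
        elif line.startswith("@@"):
            # "@@ -a,b +c,d @@": c is the first line number in the new file.
            line_no = int(re.search(r"\+(\d+)", line).group(1)) - 1
        elif line.startswith("+"):
            line_no += 1
            if PEM_HEADER.search(line):
                findings.append((path, line_no, "private key block"))
            match = ASSIGNMENT.search(line)
            if match and shannon_entropy(match.group(2)) >= min_entropy:
                findings.append((path, line_no, f"hard-coded {match.group(1)}"))
        elif not line.startswith("-"):
            line_no += 1  # context lines also advance the new-file line count
    return findings
```

A hook or CI job would block the merge whenever `scan_diff` returns any findings. The line that reads its key from `os.environ` passes, while the quoted literal and the private key file are reported.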

3. Make sure you're not backing up infected files

Backing up infected files and data to local or remote drives is only going to exacerbate any issues when you come to rely on those backups for recovery. It's critical to have strong endpoint protection in place to catch infections early and prevent the initial upload of such files, and to stop the spread of such infections should they find their way onto shared backups.

4. Have a handle on user data

If you handle sensitive financial documents and other sensitive user data, it’s important to have controls and processes in place to ensure you're meeting your requirements under GDPR. Google Workspace, for example, provides automatic alerting on many categories of sensitive data, such as credit card numbers, in documents backed up on users’ Drives. Tools such as Nightfall look extremely promising in this area, providing coverage for GitHub, Confluence, Salesforce and many other common tools used by startups.

5. Work in the cloud

Perhaps the simplest - try to keep all work in the cloud! Many, if not all, of our documents are created and edited within the Google Apps suite - that means we have copies and revisions of everything we create. All of our contracts are signed using Docusign, which means we know they're safe should we ever experience an incident.