Five rules to ensure your start-up is protected from cyberattacks
With international cyberattacks peaking at the end of 2021, founders are starting to get more serious about digitally protecting their companies from the outset.
With 60% of small businesses being forced to shut down within six months of a cyberattack, incidents like these are becoming more and more common. Just under half of all organised attacks targeted small firms, making them the single biggest target of any business cohort.
With all the complexities associated with shoring up your company's cyber-defences – from understanding the variety of threats and solutions to finding the right team to help create a robust defence strategy – it can feel overwhelming for a founder to tackle this obstacle. Here we outline five steps to ensure the cybersecurity of your business is always high up on your list of priorities.
Commitment from the top down
First, make sure your organisational leadership is committed to cybersecurity. Chief information security officers (CISOs), or similar roles with sole responsibility for cybersecurity across an enterprise, are becoming increasingly common.
However, you don’t need a CISO to show leadership. Ensure someone on your board – and ideally an executive and non-executive board member – is responsible for overall cybersecurity. In some territories, such as Europe and the UK, GDPR regulations require this by law.
The best way to pass is to test
Next, you need to solidify your network security by running a series of vulnerability tests. This is where a paid actor, acting on your behalf, tries a series of ways of attacking your network and identifies vulnerabilities which you can then mitigate.
Company tech should always be up to scratch
Thirdly, you need to ensure all applications used by your company are up to date with the latest upgrades for cybersecurity. Web applications, as discussed, are particularly vulnerable, so make sure you understand where the points of risk lie with them.
Empowering your team
Depending on what stage your company is in, the fourth most important factor is to implement staff training from day one. This should involve everything from secure password management to understanding what to do in a disaster recovery scenario.
Strong passwords as best practice
And finally, implement strong password management. Anecdotally (accurate data is hard to come by, as many organisations are reluctant to share how often they have been attacked), poor password management is one of the most common methods of attack for cyber criminals.
To minimise the threat, ensure all staff use secure passwords with multi-factor authentication.
What to do next
Make sure you have a named cybersecurity lead in your organisation. This may end up being you. You should then – either internally, or by procuring a cyber expert organisation – do a review of your vulnerabilities.
This should address your risks and mitigations, and then prepare plans to put in place if the worst happens. Importantly, you need to constantly horizon-scan the cybersecurity landscape. Your cyber plans should be iterated and updated as new risks emerge.