Entrepreneurs need razor-sharp focus on their business development and the key aspects around it. Early-stage startups are no less than a tight-rope walk balancing budget, customer acquisition and market validation.
A new business today needs an always-ON employee/partner base to support the always-ON customer base. Digitization is the only effective means to such a foundation.
However, securing the digital assets, customer data and mobile work-force is no mean task. It is a complex challenge to provide employees the means to be productive from anywhere, anytime using any device.
Hiring, training and paying for an IT security team can not only be a distraction, it can also be a drain on the budget of an early-stage start-up. Custom building the IT and SecOps infra (internal digital assets) remains a challenge, as predicting growth for an early-stage business is not easy. It can also turn into a difficult-to-liquidate liability very quickly if the growth and the road to profitability become a longer struggle and the idea either shuts down or pivots to something new, which is not uncommon.
Most importantly, not thinking of security is not an option. Regulations, compliance-related penalties and reputation costs can easily kill a budding business. Security has to be built in to the business plan from day zero.
So how exactly do entrepreneurs and young start-ups overcome the security challenges in a remote, increasingly mobile workplace?
Trust the public cloud
Public cloud is more secure than the prevailing (although changing) perception suggests. Apart from providing PAYG (Pay as you grow) models, which are easier to plan and budget for during the unpredictable early stages, it also provides many built-in security hooks for the always-ON, mobile / remote work-force.
For secure messaging, emailing, work, tracking, customer relationship management, etc., it is both cost-effective and secure to go to SaaS providers.
We need to keep in mind that most security breaches happen because of loopholes in access and policy settings, defects in software and gaps in the awareness of the technology's users. Most doors are left open by unintended human errors. The simpler and more automated the policy enforcement, the more secure the assets will be.
Trusting large public cloud system administrators, with their process maturity and industry-leading SLAs, is a safer bet than building your own security team.
The economics of public cloud may become a reason to consider using one’s own IT and SecOps infra at a certain scale and level of growth.
However, scale and growth are great problems to have for a startup. Congratulations. It’s been successful!!
Turn MFA ‘ON’
Multi-factor authentication using an OTP sent via SMS or generated by an app on a user's mobile phone has a multiplying effect on your security preparedness. Most account and access compromises happen using brute-force password-cracking tools. A second authentication factor drastically reduces the chance of a compromise, especially when users have extreme password fatigue in this app-driven world and end up setting repeated, weak passwords.
Encrypt everything, back-up often
Among the common security threats for growing startups are data loss, customer information breaches and ransomware. One such unfortunate incident can be a deadly blow to a start-up, marring its reputation and emptying its wallet on legal costs. Ransomware is becoming doubly potent by adding exfiltration to its usual strategy.
Every bit of critical information needs to be encrypted using industry-leading encryption technology and should be backed up frequently to ensure business continuity.
Invest in endpoint and mobile security (as a service)
Both enterprise-supplied endpoints (work laptops) and personal devices (home laptops or personal mobile phones) can be secured with a multitude of security features (e.g. Anti-Virus, Anti-Ransomware, Distributed Firewall, compliance checks and device posture). One of the most common reasons for the compromise of a user device is failure to apply OS security updates. An endpoint security agent will flag this as non-compliance and make sure users apply the required patches in time. Other common breaches through employee devices happen while using free, insecure public Wi-Fi. Many modern endpoint security solutions alert users if the Wi-Fi is not secure enough.
Leading endpoint security solutions available today can provide a one-stop, cost-effective solution for most common compromises while giving the work-force greater flexibility to be productive anywhere, using any device.
Security is an endless game (literally). Most lapses in security originate with simple ‘phishing’ messages and poor user awareness of best practices. That is exactly why there is no dearth of “they did everything, yet got hacked” stories.
Regular ‘security’ mock drills for ‘phishing’, a policy to allow only strong passwords, and mandatory MFA for enterprise applications are some of the basic steps that would reduce the risk drastically.
As a start-up, maintain a basic level of security hygiene from the beginning, build it in to the business processes and go back to focusing on your ‘business’.
Bibhuti Kar is head of R&D at Quick Heal Technologies. The views in this article are his own.