The rise in web technology over the past few decades has led to a boom in online businesses all over the world. Nowadays, it would be impossible to run a business on pen and paper these days. With the ease and convenience of digital and web-based technology, however, comes a caveat: many more businesses are at greater risk of compromise due to cyber attack.
Hackers are improving their techniques and technologies at a breakneck pace, in order to make money off of companies and faults in their networks. As a result, it is important now more than ever that businesses make sure their computer systems are secure. For example, attacks like WannaCry ransomware, which shook businesses of all sizes to their cores and swept the Internet just a few years ago, are going to become more commonplace in the future, so it’s important to take note.
Here are five things all startup CEOs and CTOs need to know about cybersecurity and how it should play into their business strategy.
1. Any business, big or small, is at risk.
It may seem like only large businesses are at risk for cyber attacks and cybersecurity failure. After all, these large companies would net the greatest payout from ransomware or stolen financial information. But the truth is small and medium sized businesses (SMBs) are actually at greater risk, partially due to this misconception.
In a study by the Ponemon Institute, up to 55 percent of SMBs faced some sort of cyber attack or security compromise. This number will only rise in the short-term as hacking techniques outpace the technology to mitigate it.
2. Humans are some of the weakest points of any cybersecurity system.
Humans are often a company’s greatest liability in terms of cybersecurity. People often leave sensitive information written on paper. They leave their computers logged on, unattended, displaying sensitive information. They click links that lead to websites containing malicious content. Basically, a great deal of cybersecurity faults occur due to negligence and ignorance. Keep your teams up to date with the best practices in security. Log off your computer system when you leave the computer for any period of time. Beware of phishing scams. Be aware of whatever links you click. Ensure that any antivirus software your computer operates is up to date.
3. Malware and ransomware are huge threats.
Malware is any software that is meant to have a deleterious effect on a system’s operation. This could mean slowing down the disk, creating a point of access for unauthorized users, or crashing the system. Ransomware, which has exploded in usage recently has become a serious issue for SMBs.
Ransomware is technology that locks up access to a computer system’s files by a user or admin until certain demands are met, usually payment of large sums of money. Kaspersky Lab has been on the forefront of fighting this technology, with a decryption code for Jaffa, common form of ransomware that charges $4000 to unlock. Just a few years ago, the WannaCry ransomware spread across the Internet, allegedly distributed by the North Korean government, demanding payment in Bitcoin to unlock it.
4. DDoS attacks can be a disaster.
DDoS attacks, meaning Distributed Denial of Service, hamper a business’s ability to operate by overloading their networks with outside requests for information that never get followed up on. These attacks can crash or block up a company’s servers but can be avoided with proper firewall technology, denying anything that is deemed suspicious. It is highly recommended that an organization invests in both software and hardware firewalls in order to protect their most vulnerable and sensitive data.
5. Avoid too many points of access.
As more mobile and Internet of Things (IoT) proliferate, so do points of access to an organization’s data networks. This can be disastrous, should one of these points be compromised—which is common. In a study by Aurora Networks, the healthcare industry serves as an example where mobile and IoT products create holes in their defense systems. According to a study done by Aurora Networks, more than 88% of healthcare organizations have experienced some sort of IoT compromise.
IoT and mobile proliferation are a huge security risk in this and many other industries. The reason is they create points of access to vital information and, as put by the the Office of Civil Rights August 2018 cybersecurity report, “Anyone with physical access to such devices and media, including malicious actors, potentially has the ability to change configurations, install malicious programs, change information, or access sensitive information — any of these actions has the potential to adversely affect the confidentiality, integrity, or availability of PHI [primary healthcare institutions]”. Virtualization is one means of protecting against this vulnerability, granting a device temporary access to a database and rescinding this access once activity is complete.
Startups need to protect themselves against the risks they face on the Internet. Cybersecurity is not, as commonly held, an issue for only the rich, giant corporations. Because larger corporations have windfall to protect them from the ensuing managerial and media firestorm following a data breach, these attacks can have an even more disastrous effect on small to medium sized businesses.