Anyone at the helm of a startup with any presence in the digital sector has to be keenly aware (even if only subconsciously) of the vital importance of cybersecurity. High-profile data leaks and system disruptions steadily brought it into public awareness, the 2018 implantation of GDPR cast further light on how data can be misused, and the current rush to embrace remote working has heaped further pressure on cloud services.
By Stevie Nicks, Digital Editor at Just Another Magazine
Knowing that it’s necessary to protect digital systems is one thing, though: actually protecting them is another. The potential cost of investing in security services can lead entrepreneurs to question whether it’s better to leave their systems unsecured until they’ve bolstered their revenue — but that option is extremely risky.
Whether you’re in charge of arranging security for such a startup or part of a security company and looking to improve your approach to pitching, you can benefit from knowing how a small company can embrace cybersecurity while keeping the expenses down.
Let’s look at how startups can take sensible (and affordable) precautions:
They can broadly migrate to the cloud
Storing files locally can sound better to some because they fear the loss of privacy that presumably comes with online storage. Surely the best way to keep files safe is to physically protect the drives, they reason, plus it has to be cheaper to work with that relative inconvenience. That assessment is very far from the truth, obviously.
As noted, local storage is less convenient. It makes it harder to access files from afar and requires configuration. It’s also more expensive: bulk buying allows cloud storage suppliers to offer cheap rates and can offer almost no risk of drive failure causing disruption. With local storage you need to worry about the physical protection. And there’s wear and tear on the media. On the other hand, cloud storage drives get physical protection that the average company couldn’t hope to rival, and digital protection that’s top-class. The service provider maintains the physical media and bears the cost for storage expansion (buying additional hard drives). The consumer pays a fraction of the media cost for storage. For instance, you could get 1TB of storage on Google Drive/Google One for $9.99 per month. Google One (for paid plans) also offers other plans: 100GB for $1.99 and 200GB for $2.99. Compare that with the cost of a new 1 TB hard drive (approximately $45).
Cloud migration might sound expensive, but on the whole it really isn’t, particularly if you go through a reseller that can package licenses from a cloud solution distributor that has tight-knit relationships with cloud vendors and can negotiate cheaper prices.
They can cut back on systems to improve security
Regardless of whether companies operate in the cloud, locally, or are using a hybrid approach, they can easily get into the bad habit of installing myriad programs and subscribing to countless services, many of which share data through integrations. The more points of access there are, the more vulnerability there is. It’s hard to keep a castle secure when it has a hundred doors.
Due to this, startups should try to be more discerning about the systems they use. If something can be done through an entire suite instead of numerous distinct tools, it’s better for security. Just one of those tools being compromised could lead to the others being affected too. It’s the same reason why it’s ill-advised to use numerous plugins with a CMS.
At the same time, it may well be better for their finances: they might need to pay more for high-powered suites, but all the money saved on individual subscriptions could well leave their accounts better off (or at least keep their costs even).
They can start following best practices
This is the simplest and cheapest way for any company to improve its cybersecurity. No matter how secure the systems you use may be, they’re always vulnerable to human error through general indifference or incompetence. The moment you give someone access to a system, they can abuse that access, or allow someone it to be used by another (deliberately or unknowingly).
Best practices for cybersecurity are all the things people know they should do but generally don’t bother doing. Using secure passwords, changing them often, limiting admin access to those who absolutely need it, using contractual obligations and NDAs where necessary — all of these things are important, and they’re completely free to implement.
Key to this is training. Every last employee needs to be aware of how they need to proceed, and what they can and can’t do. Putting time and money into training courses (See EC-Council’s masterclasses and training programs) will be a short-term drain on resources, of course, but it’s all justified — and any startup that lacks the budget to invest in basic training has much deeper problems than cybersecurity.
By using cloud services where possible, using suites to minimize points of vulnerability, and following best practices, even the smallest startups can afford to make cybersecurity a priority matter. In the long run, though, the concern isn’t whether they can afford to invest in it: it’s whether they can afford not to.
About the Author
Stevie Nicks is Digital Editor at Just Another Magazine – a website that covers the topics you care about. You’ll find articles about lifestyle, travel, fashion, trends and relationships on our site – each of which is written in our unique style.
CISO MAG did not evaluate/test the products mentioned in this article, nor does it endorse any of the claims made by the writer. The facts, opinions, and language in the article do not reflect the views of CISO MAG and CISO MAG does not assume any responsibility or liability for the same. CISO MAG does not guarantee the satisfactory performance of the products mentioned in this article.