Even after the General Data Protection Regulation was enforced in May this year, big brands like Reddit, Timehop, Polar Flow, and Ticketmaster have fallen victim to hack attacks affecting millions of users’ data. But they are hardly the only ones who should be worried. In fact, according to government figures released in April 2018, over four in ten businesses suffered a breach in a year. Fortunately there are ways for startups on a tight budget to protect themselves against laptop-wielding larcenists.
Speaking exclusively with Elite Business, Elijah Lawal, Google’s online safety commutations manager for the UK and Ireland, believes it’s more essential now then ever to beef up your system against cybercriminals. “A security-first ethos across your business should be adopted from day one,” he said. “And training the staff of the hows and whys must be a part of every new employee’s on boarding process.” He added that in most cases cyber crime has human error as the reason and not technological glitch and humans are the “weak link which causes a breach.”
It’s indeed not uncommon for employees to click on phishing emails they receive, especially if they’re tempted with a free iPhone, and then with one click the whole company can be in a compromising position. “We call the frauds bad actors in our Google office and some of them are very sophisticated in the way they operate,” Lawal explains. “Their emails are made to fool entrepreneurs.”
What can budding business people do without blowing their budget? Well, luckily for you there are at least five things you can do.
(1) Adopt two factor authentication
Just like we need a PIN and a debit card to withdraw money from a cashpoint, a two factor authentication is similar to an extra barrier protecting your website. In the tech world you would have a password but this would entail having a code that’s sent to your phone or a security key. “The reason for this is most people today don’t have the time to come up with complicated passwords so a two factor authentication is a blessing,” Lawal said.
(2) Give the employees limited access
Many business leaders spend thousands of pounds on their security system but end up as a victim because they’re too open about the access provided to employees. For instance, does the legal team need access to a brand’s customer sales records? Probably not. “Companies should be wary of who gets the key or passwords and that should depend on why they need it,” Lawal said. “Adopting a zero-trust model is the best protection for entrepreneurs.” In case an employee gets redundant on the wrong foot and has the access to important documents, it can prove to be dangerous. Chiefs must have admin privileges to the more sensitive data and sometimes employees get access to that through work devices.
(3) Update, update and update again
We’re all guilty of ignoring the pop up which keeps reminding us to update our software. This is probably the most “underrated things that employers don’t do,” according to Lawal. There might be vulnerabilities in older software or operating systems, he said. It might seem like a hassle to update software and have to restart your phone or your laptop but that’s the key thing with security. It requires a little bit of effort but is a step closer to better security and it doesn’t cost a penny.
(4) Don’t have password as your password
“Passwords are the gateway to your online life – it’s the key to your lock,” Lawal said. The most secure passwords should use a combination of upper case and lower case letters, characters and numbers. It takes less than ten minutes to crack a password with six characters according to him. And if you insert an uppercase letter and a number, the lead time to crack it jumps to three years. Looking at that, spending an extra minute to get creative with these is well worth your time.
(5) Have a security plan
If you follow the above four to the T chances are you won’t get an attack, Lawal said. Of course preparing beforehand is important but head honchos must have a plan for what to do after an attack happens. “Do you have a team in place who can look at the extent of the damage and data that has been leaked?” asked Lawal. “A team to deal with the police? You should have networks in law enforcements. And a tech informed person who can then stitch your whole system before more damage is done.” The worst situation for any startup is leaving their systems open after being attacked, which invites more criminals.
It might seem like a Herculean task but looking at how technology rules most businesses, consequences of one silly mistake or click it’s more essential now than ever for startups to inculcate all these practices before they get targeted by web stealers.