As a startup you are very busy with a million things - VC pitches, perfecting your product, getting your team together, firing up your passion, catching up on sleep, coping with butterflies in the stomach and so much more. Life is on a roll and there is no time for anything but to get the product out in the market and to bring the money home.

And in the middle of all this, I come along telling you that you need to secure your information assets! And of course you don't have the time for this silly housekeeping activity which is not going to bring any revenue home. So you just brush it off saying you will do this later and that (a) you have anti-virus and some firewall in place, (b) you are just starting out and are too small to be of interest to any cyber-criminal.

Well you just made  two or three very clichéd excuses for bad luck to come your way! 

Reason # 1
No one is too small or too big for a cyber-criminal. You have a computer and you are connected to the internet and the machine has some weaknesses -- that's enough. The crook may not get your bank password, or the data on the machine may be gibberish, but then it can be used as a bot and contribute it's small or big processing power to a criminal network!

Let us take another scenario - you are too small so you have only one machine and this crook encrypts your data and asks you for $1000 - what will you do? Pay up or leave the machine in an unusable condition... and then start writing your dream programme all over again... only to be hit again!

Yes you can be hit multiple times. The most famous company to get hit multiple times is Sony; and mind you these were big hacks.

Another scenario - you are also using your lone machine for netbanking. Boom, when this guy compromised your machine he got his hands on your netbanking credentials, your address book and all the emails and documents in the machine - oh and those personal pictures too!

Let's talk business since your life is all about the startup -- you are driving to get your brilliant idea off the ground and will make you the next Mark Zuckerberg. 

Reason #2

Practice safe computing, take care of hygiene issues and you will take care of more than half the risk you are living with. A few things you should do...

• Create a separate email which you should use for mailing lists and online registrations
• Use a separate machine (if possible) for your banking and sensitive work but it will be as weak as any other if you do not take care of hygiene issues
• Hygiene means that the OS and any programs should be always updated with latest patches, your anti-virus signatures must be current. Install anti-malware, do not use pirated software, regularly carry out backups (test the backups at least twice a year)
• Use a password vault like keypass, lastpass etc
• Do not open attachments from unknown persons. In fact do not open emails from unknown person and enable the spam filter on your mail client or mail server
• Updated patches on machines includes your servers and devices
• Conduct a process / security audit at least annually (to begin with) and a vulnerability assessment followed by a penetration test on your IT infrastructure
• Enable 2 factor authentication (2FA) on your email and laptop. 2FA means enable your phone to get an OTP or PIN from the bank or the service provider for all logins
• When you register at various sites they provide you with an easy method to sign in by giving you a one click option to use your existing Facebook / LinkedIn / Gmail credentials. Always avoid this, because this allows all these sites and services to freely access your contacts and do a lot of stuff which may embarrass you some day. Use your 'add on' email address and password to create new accounts
• Oh yes, do not share passwords as this is a common practice in places where toothbrushes, clothes or ideas may be shared among blood brothers!
  
  

Of course you will need hi-tech stuff like SIEM, DLP, IRM, UTM and all those new-fangled techno solutions because they will all contribute to give you a good night's sleep. They may not really be able to stand up to a determined attack, but that too is another story.

Finally, if you are reading this and you are not a startup, you still need all this in place and more. You may be a small scale enterprise or an enterprise sized enterprise, or a government entity - whatever you may be, it is time to realise that you are living, eating and breathing cyber risk and cyber threats and that you need to secure yourself.

Information Security is not too difficult if you really get down to doing it, so just don't put this off. In case you have a new excuse - drop me a line and I shall help you shoot it down. And, if you have a question, link with me on GlobalLinker.