Getting your startup off the ground is hard enough. Between working long hours and trying to line up investors, you’ve got enough on your plate. The last thing you want is your clients and supporters (and your company!) to become the victims of a data breach. While your brand and reputation may recover in time, the best way to handle cyber security is prevention. Here are some steps you can take to reinforce your data.
Begin with the basics.
Formulate a security plan from the ground up. Begin with the structure of your organization, and consider which employees need access to which components of your data. Don’t grant complete access to everyone unless you need to, as the more widespread your logins and passwords are, the easier they it is for potential intruders to gain access to them.
Have one device dedicated to one area of your company. For example, keep all financial data on one computer that is not to be used for any other purpose. This will minimize any security threats that arise from general web browsing, spam emails, and the like.
Assess the hardware your employees will be using.
Consider connecting to the Internet using a LAN cable rather than Wi-Fi, as Wi-Fi networks may be breached. If you do use Wi-Fi, make sure the network is hidden from the public. Keep devices’ software up-to-date, as many updates include security features. Make sure all devices are password protected—And make sure that password isn’t “password.”
Consider passwords your first line of defense.
When it comes to passwords, make sure they are difficult, even if it means additional problems for your employees from to time. Use varied cases, symbols, and avoid incorporating personal information (for example, don’t make your pet’s name your password). And the more characters, the better. Furthermore, change that password every 90 days and never reuse old ones. Keep track of passwords in one central, secure place, and don’t let any websites remember them. When communicating password information within your startup, do not do so over email or text message.
Encrypt your data.
Use programs available on your device that will encrypt your data for you. Such programs are not fail-proof however, and additional steps should be taken in conjunction. One important step is to have your device log you out after a certain length of idleness, which will allow the encryption to complete itself for the previous session.
Vet your third party vendors thoroughly.
Do your research and shop around when seeking a third party platform. Common third party vendors include Constituent Relationship Manager (CRM) systems and/or payment processors. Find out about their security and any breaches they may have suffered in the past.
Don’t forget about the paper trail.
Private data that exists on printed documents will need to have a procedure, too. Documents that you do not need to keep should be shredded and disposed of in the trash on trash pick up day. Documents that need to be saved should be stored in a proper locked facility. If the documents are archives, move them to another location, such as a secure storage facility.
Learn from others’ mistakes.
Read up on massive data breaches of the past, and find out where their vulnerabilities were. While it may seem that there was little to do to completely stop these breaches before it happened, there were certainly ways to minimize the damage. Be sure to learn from those cases and implement additional changes to your startup to further protect it from data breach.
Have a Plan B.
In the event that your data is compromised, have a course of action already in the works. It is important to notify your clients immediately, especially if their payment information is part of the breach. This notification will also do wonders to maintain the trust and reputation you’ve spent so much time building. You may also want to contact a lawyer, depending on the nature of the breach. Cyber and/or hardware insurance is another great option to reduce the liability to your company.
Whether your startup is storing sensitive data or not, it is always best practice to have a security plan in place. If you plan to grow your startup, think a few steps ahead and determine additional layers of security that will need to be established. Vigilance can save you a substantial amount of grief should you experience the worst—but of course, let’s hope you never need your Plan B!