How to protect your startup from cyber attacks without overspending
If you thought cyber attacks were only directed at high profile individuals and large multinational companies, think again. Around two thirds of such attacks are aimed at small and medium enterprises (SMEs) – like startups.
Why? Because SMEs generally have a less stringent attitude towards cybersecurity. With that in mind, let’s take a closer look at ways in which startups and SMEs, including those here in the UAE, can increase their cybersecurity – without increasing their spend.
Specifically, this article will consider ways to:
- Detect data breaches and protect businesses
- Educate employees on scams and suspicious emails
- Make regular offline server back-ups
Detect data breaches and protect businesses
Some 90% of small businesses don’t have any data protection at all. This makes them easy pickings for hackers – who can deploy all kinds of malware and ransomware, as well as viruses, denial of service attacks, and much more.
It can be very costly to recover from this. In fact, after the USA, Saudi Arabia and the UAE have the most expensive data breaches in the world – an average cost of over USD 5m.
While it’s not unusual for hackers to demand large sums of money, often they’re searching for something else that can unlock a bigger prize – such as email addresses, customer details, and passwords.
However, data breaches aren’t always as obvious as many might think. Often a company can be completely unaware, for a long period of time, that its security measures have been breached.
This means they could be unwittingly supplying data-harvesting hackers with a steady stream of personal information.
Protecting your startup through regular checks
There are a number of ways you can tell if your business’ IT equipment has been hacked. For example, you may see unwanted screen popups, or discover that your internet searches are being redirected. Or you might find that your mouse cursor behaves strangely on-screen. These are all tell-tale signs that something’s not right. But sometimes it can be far more subtle.
Checking your company’s security protocols should be the first thing you do. If you think you might have been hacked, shut down and disconnect any equipment that might be infected. Then change any online account passwords – particularly for banks and other financial institutions, to prevent any upheaval – and call any other service providers to let them know.
You should also consider restricting access to all vital company information – such as finances, accounts, billing, client contact data, even passwords. If you use a cloud-based service to run your business operations – such as Google’s G-Suite – only provide document access to those who actually need it. Keep things on a ‘need-to-know’ basis.
Educate employees on scams and suspicious emails
Phishing emails. They’re obvious, aren’t they? Badly written, often lengthy scams requesting that you ‘send money immediately’ in order to unlock an inherited fortune (or similar). Not any more. Things have changed significantly.
In recent years scammers have become much more sophisticated. These days you may receive well-crafted messages claiming to be from a bank, insurer, or other official body that are virtually indistinguishable from the real thing.
As a result, even the most sensible and cautious employees can easily be fooled. Consider the case of Dubai-based Cheers Exhibitions, whose employees were duped into sending a hacker nearly AED 200,000 in September 2019 when fake bank account details were supplied.
Protecting your startup through employee education
An obvious sign of a scam is when the sender requests bank details, passwords, personal information, or any other form of specific information. Make it clear to your employees that they should all instantly treat any message, email, or call asking for this kind of information as suspicious.
Often these requests are from those looking to gain access to something valuable. Even by supplying seemingly innocuous or casual pieces of information, employees may be creating risks without knowing it.
A great way of drawing attention to the issue is to instigate a company engagement initiative. This could be as simple as a one-off meeting to highlight the risks – a lunch and learn, perhaps – or a more rigorous form of training. The options are there.
Make regular offline server back-ups
An increasing number of companies are considering cloud migration as a means of improving their IT stack’s latency, capacity and performance. And in doing so, they’re relying on a third party to host their company data.
However, should the data centre itself be compromised, everything could be lost. Which is why a hybrid solution is often popular for smaller businesses – using a mixture of on-premise and cloud storage.
Protecting your startup through back-ups
Local, on-premise storage – whether a stack of in-house servers or a single laptop or desktop – is often preferred by many small businesses, many of which are still paying for legacy software licenses.
So alongside regular back-ups of your in-house servers or computers, adding in a cloud storage solution means you are in the best possible position should disaster strike. Just ensure that wherever you’re storing data, it’s constantly updated so you can always keep trading.
Cybersecurity is actually just common sense for the most part. While companies can invest in robust solutions like cloud security, remote server environments, data encryption, and so forth – these can be very expensive if you’re running a fledgling free zone startup.
All things considered, a clear set of company guidelines, active awareness initiatives, and regularly scheduled backups can make a lot of difference. However, as your business scales, employs more people, and takes responsibility for more data, it’s important to consult a specialist business services or IT provider on the best course of action.