In previous articles, we’ve discussed how cyber security consultant companies can help SMEs and why cyber-criminals target small businesses. Today, we’ll share our top cybersecurity tips for new companies and startups, helping you stay safe in an increasingly dangerous online environment.

 

As a new business or startup, you might not expect to be attacked by cybercriminals; however, cybercrime is rife and increasing by the day. A recent survey reported that 21% of UK businesses experienced a cybersecurity breach in the last year, and 18% were attacked on a monthly basis. Here are a few of the best ways you can help protect your business from online threats.

 

1. Install software updates

One of the most effective ways to keep your systems safe is to keep your gadgets and software up to date. Check that your devices and their operating systems are still supported, meaning that software upgrades (patches) are still being released for them.

 

Patches aren’t simply for adding new features to software; they’re also used to fix weak points. Developers will often find weaknesses in their software and release patches to address them. By regularly installing new patches as soon as they become available, you can improve the overall safety of your system. Where possible, set your software to automatically install new patches as they’re released.

2. Use multi-factor authentication 

As part of your company’s security strategy, consider safeguarding both your systems and your customers’ accounts with multi-factor authentication (MFA). 

 

With MFA in place, anyone who tries to gain access must submit additional information above and beyond their username and password to prove they are who they claim to be. MFA can be applied to both internal and customer-facing systems. Ideally, avoid SMS-based MFA as this is the least secure option.

 

Enable MFA on all key systems, including:

  • document storage
  • banking services
  • social media accounts
  • email accounts
  • cloud services, e.g. Office 365 and GSuite
  • any other system that holds sensitive data

 

3. Back up your data

If you own a business, you understand how critical it is to keep your data secure. If it is lost, corrupted, or stolen, you’ll rely on a backup copy to get back to business.

 

Make backups automatic so you don’t forget to do them. The value of your data should determine how frequently the backups are scheduled (hourly, daily or weekly) and whether an incremental or full backup is carried out. For example, if you regularly add new client data throughout the day, set your backups to occur every few hours.

 

Consider backing up the following types of data:

  1. Personal – Employee or customer information, including account details
  2. Business – operational data, manuals and financials
  3. System – system configurations and log files

 

Performing recovery tests should be a crucial element of your backup processes. If you can’t recover from your backups because they become encrypted by a ransomware attack or are corrupted, then they are useless. 

 

4. Have a plan for when things go wrong

Things can go wrong no matter how well you prepare. But if your company suffers a cyber security event, having a plan will give your team some much-needed direction on what steps to take to keep the business operating, reducing both direct and indirect costs.

 

As part of your wider crisis management strategy, you should undertake Business Continuity Planning (BCP) and create an Incident Response Plan. This puts steps in place to Detect, Respond and Recover from what can otherwise be a potentially stressful situation. It will assist your staff in responding promptly to an issue and strengthen the likelihood of bouncing back after an incident.

 

Learn more on this topic in What Is An Incident Response Plan, And Why Do We Need One? 

5. Update your default credentials

Default credentials give administrator-level access to a system and are usually only used for the initial setup, then changed afterwards. However, often this doesn’t happen. Default credentials are easier to hack than personalised credentials, allowing attackers to enter your systems. 

 

Examine new hardware, software, and any devices that have been factory reset for default account credentials. If you find any, replace them with a new complex password that uses a random combination of at least 12 letters, numbers and symbols.  
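The check and replacement described above, as an added example that is not part of the original article: it flags accounts still using a default pair or a password that misses the 12-character letters, numbers and symbols rule, and generates replacements with Python's `secrets` module. The default pairs, the inventory and the function names are constructed for illustration.

```python
import secrets
import string

MIN_LENGTH = 12  # minimum length recommended in the text
ALPHABET = string.ascii_letters + string.digits + string.punctuation

# Constructed examples of factory-default username/password pairs.
KNOWN_DEFAULTS = {("admin", "admin"), ("admin", "password"), ("root", "root")}

# Constructed inventory: (device, username, current password).
SAMPLE_INVENTORY = [
    ("router", "admin", "admin"),
    ("nas", "backup", "summer2024"),
    ("switch", "netops", "Tq7#vL2p!xR9wZ"),
]

def meets_policy(password: str) -> bool:
    """At least 12 characters, with letters, numbers and symbols all present."""
    return (len(password) >= MIN_LENGTH
            and any(c.isalpha() for c in password)
            and any(c.isdigit() for c in password)
            and any(not c.isalnum() for c in password))

def generate_password(length: int = 16) -> str:
    """Draw from the OS CSPRNG; redraw whole candidates so no position is predictable."""
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if meets_policy(candidate):
            return candidate

def audit(inventory, known_defaults) -> dict:
    """Return {device: finding} for every account that needs a new password."""
    findings = {}
    for device, user, password in inventory:
        if (user, password) in known_defaults:
            findings[device] = "default credentials"
        elif not meets_policy(password):
            findings[device] = "weak password"
    return findings

if __name__ == "__main__":
    for device, finding in audit(SAMPLE_INVENTORY, KNOWN_DEFAULTS).items():
        print(f"{device}: {finding}; suggested replacement: {generate_password()}")
```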

 

You may also want to utilise a password manager to keep your usernames and passwords safe. Not only does this allow you to use more complicated passwords without the risk of forgetting them, but they’ll also be encrypted for added protection. 

6. Choose the right cloud provider

Cloud solutions are a popular choice for handling the IT needs of new enterprises and startups. Cloud services enable you to access your data from any device, at any time, from anywhere and provide ample storage capacity.

 

Numerous cloud service providers are available, but not all are created equal. Choosing a provider that treats your security and data seriously is vital. Before you commit to a specific provider, ask them the following questions to gauge their approach to cybersecurity.

 

  • Who is responsible for data backups, you or the cloud service, and how are they tested?
  • Does the cloud provider offer MFA integration, with options other than SMS?
  • How will they respond to a security breach if one occurs?
  • What happens to your data if the cloud provider is sold or goes out of business?
  • Do they have a public security policy and system for reporting issues?  
  • What security testing do they carry out, and how frequently is it done?

7. Only collect data you need

When it comes to cyberattacks, the risks become much greater with more data. Not only are businesses with access to large amounts of sensitive data more likely to be targeted by cyber-criminals, but the fallout of a breach is likely to be far more costly.

 

When collecting data, remember that the more of it you have, the more valuable it is to a cyber-criminal. Only collect the information you need, de-identify data where possible, and ensure you encrypt it both when it’s stored and in transit.

8. Secure your devices

Malware, or “malicious software”, is a common type of cyberattack and one that is much easier to prevent than it is to recover from. Anti-malware software prevents viruses and ransomware from being downloaded onto your system and plays a vital role in any business’s cybersecurity arsenal. 

 

Most operating systems will come with anti-malware software installed, such as Windows Defender for Windows 10 and Gatekeeper for Mac OS X. If you opt to use third-party protection software, choose one that is frequently updated. Anti-malware protection software should be enabled on any device that accesses your systems or business data, including those owned by employees in a BYOD (Bring Your Own Device) arrangement.

 

Any security solution should cover antivirus, anti-malware and zero-day protection, as well as encryption of the local storage (disk-level encryption). If you have staff working off-site, it may also be worth familiarising yourself with MDM (Mobile Device Management) and EMM (Enterprise Mobility Management).

9. Tighten your network security

When looking at the security of your business network, it’s important to consider not just inbound connections but outbound ones too. For example, by using a VPN, you can allow relevant staff to safely access your business network from anywhere, with MFA enabled for an additional layer of protection.

 

You should also look at connections within your business, taking an overview of how various servers connect and whether unnecessary digital links are creating potential weak points. You could, for example, use separate VLANs for different parts of your business network. By using one server for sensitive data and another for staff computers, you reduce the risk of infiltration. You can then further control the connections between those VLANs using a robust firewall. 

10. Use cyber security consultants

When it comes to setting up a new business for success, enlisting the services of a knowledgeable cyber security consultant is an investment that will pay for itself. Helping you set the groundwork to tackle current and future cyber threats, your consultant understands the ins and outs of cybersecurity, so you don’t have to. 

 

At Loopli, we understand that cybersecurity isn’t particularly glamorous or exciting. With so much going on in your new business, it can be hard finding the time or focus to dedicate to building a robust security posture. That’s where we come in. As a cyber security company, we specialise in creating a Goldilocks Framework that’s “just right” in terms of both cost and protection. 

 

If you’re ready to take the next step, book a consultation with one of our cybersecurity experts today.