In today’s world, every business uses some form of technology. With our dependency upon technology increasing and technological advancements being made daily, comes an increased vulnerability to cyberattacks. Technology startups are even more at risk of being targeted by cyber criminals than most. Unfortunately, startup companies are often tied up with the tasks of obtaining seed money and growing their business and often overlook cyber security, as an essential component of their business plan.

Many startup companies and small to mid-sized businesses feel that their company is too small to fall victim to a cyberattack or data breach. When in fact,

“half of all small to mid-size businesses in the U.S. experienced a data breach in the past year and 55% experienced a cyberattack. With the average cost of a cybersecurity incident costing the smallest company, $35,967.”

(For more information, take a look at this infographic from Property Casualty 360 on the current Cyber Threat Landscape to Small and Mid-Size Businesses by clicking here.)

As part of McSweeney & Ricci’s commitment to helping Startups grow, below are:

Seven things that entrepreneurs need to know about cyber security

1. There’s no such thing as being too small to fall victim to a cyberattack

Some businesses may believe that cybercriminals only target high profile organizations like those we hear and read about on the news. However, a Ponemon Institute study revealed that 55 percent of Small and medium sized enterprises (SMEs) experienced some form of cyberattack. If your technology startup business uses any computing device, the internet, or has a digital presence such as a website or cloud account, then your business is at risk of cyberattack.

Most attacks are now carried out by automated malicious software and scripts that seek out vulnerable networks and computers regardless of the size and nature of the business. Most small businesses and startups have no dedicated IT staff to focus on online security yet, It is increasingly vital for startups to make security a shared responsibility across all members of the organization.

2. Your primary threat is Data Breach

Of all the common cyberattacks you should be aware of, the primary one is data breach. Data breach is when cyber criminals try to steal your company’s data by gaining access to your databases. Personal and financial information are sold on the black market for use in identity theft and fraud. Startups who have websites or apps that gather client information such as ecommerce, online support, or CRM are prime targets for such attacks.

You may think that large organizations that have experienced data breaches such as Sony, Dropbox and LinkedIn survived the data breach fallout so you shouldn’t worry too much about such attacks. However, these major companies have resources and longstanding relationships to weather such issues. Startups don’t fare too well dealing with loss of customer trust and stained reputations. According to the U.S. National Cyber Security Alliance, 60 percent of small businesses fail within six months after suffering from such attacks.

3. Your secondary threat is ransomware and malware

Security company Kaspersky identifies ransomware among the top cybersecurity threats to businesses today. Ransomware are a specific type of malware (malicious software) that infect computers (including mobile devices) over a vulnerable network. The ransomware encrypts files on the compromised computer. Users won’t be able to access the files unless they get a decryption key by paying ransom to the attackers. Even with paying the ransom, there’s no assurance that attackers will actually honor your payment.

Most ransomware attackers demand between $500 to $1,000 in exchange for your files. Some ransomware such as Jaff demand as much as $4,000. Ransom payments are often in cryptocurrencies like Bitcoin due to the anonymity these methods offer. The major impact to businesses isn’t exactly the ransom but the disruption to the business. Getting locked out of all your work files can halt your operations indefinitely.

4. Threat Number 3: DDoS attacks

Distributed denial-of-service attacks (DDoS) render your website or server inaccessible by overwhelming your network with traffic. An hour of downtime from a DDoS attack can cost up to $20,000 for a third of companies. For high transaction websites such as ecommerce services, this figure can be upwards $100,000 for every hour.

Small businesses are often left to weather the downtime and absorb lost sales and productivity. Even if not directly targeted, SMEs could still be affected by DDoS attacks on larger infrastructure providers. In 2016, thousands of sites and services went down after a massive DDoS attack hit DNS provider Dyn.

5. People are often the weakest link

People are often the weakest link in a security chain. A BakerHostetler report found that most security breaches are caused by human lapses. Many systems are left vulnerable to data breaches and ransomware attacks through phishing where people are tricked into clicking on links and installing malware.

Some can even bring these threats into your infrastructure by carelessly plugging in their own phones, notebooks, and storage devices to your network and computers. Educating yourself and your staff on the best day-to-day security practices would be a worthwhile investment to prevent attacks caused by human error. Have security policies in place that would govern how you and your staff should be using your IT resources.

6. Access control counts

Know to whom you’re giving infrastructure access. As a startup, you may be unnecessarily handing out critical infrastructure access to just about anyone like that freelancer you hired to build and maintain your page may still have access to your servers or the guy you let go last week may still have the passcode to void transactions on your POS system.

Today, most administration tools and services allow you to set user roles with corresponding levels of access so that you can control who gets to do what on your infrastructure. Encourage people to use strong passwords and protect them at all times. Revoke access of anyone not working for your company as soon as they are let go. Cover yourself legally as well by putting in nondisclosure clauses to prevent them from leaking passwords on agreements with people you involve in the business.

7. Invest in security and cyber insurance coverage

As a startup, you may be averse to take on added expenses. However, cybersecurity is just one of the IT investments you have to make. Besides, there are cost-effective anti-malware and security software that you can use for your office computers.

McSweeney & Ricci specializes in providing custom insurance programs for each stage of your startup to ensure you are covered in the event of a cyberattack. Know the risks and put programs in place that would help you avoid getting hit by cyberattacks down the line.

The risk professionals at McSweeney & Ricci can provide you with Cyber Coverage to keep your startup business protected in the event of a data breach or cyber threat. Contact our startup insurance expert, Patrick Leary  at 844.501.1360 for more information on a business insurance program, including cyber coverage, that is suited to each stage of your startup.

Article Sources:

www.CIO.Com from IDG. Written by: Ralph Tkatchuk 08/15/17 “7 things startups need to know about cybersecurity”

PC360 01/15/18, Shawn Moynihan