As cyber attacks become more common, the security demands on your business grow.
Today, companies are expected to have extensive security strategies and many have an entire department dedicated to this work.
But how do you do it as a start-up? In companies with scarce resources, things that are not burning here and now can easily fall by the wayside. That’s why Hidden Dreams’ CTO, Johan Lindblad, guides you as a startup through his top five IT security tips.
Hidden Dreams builds startups on an assembly line and has founded 15 tech companies since its inception in 2019.
The organisation helps its companies succeed by providing expertise in every conceivable business-critical area, from legal to IT. And an important part of company building is working proactively with upcoming business risks, such as cyber attacks.
– Cyberattacks on businesses have reached record levels in recent years, particularly in 2021 when the number of attacks in Sweden really skyrocketed. For a startup that often does not have a lot of financial muscle, a security breach can be devastating as it can lead to significant expenses and loss of revenue. It is also brand damaging on a broader level. But as long as you implement some security measures and make it a habit to continuously educate all employees on the issue, you will at least protect your business from the most common and likely cybersecurity problems, says Johan Lindblad, CTO and Founding Partner at Hidden Dreams.
Five keys to success for your company’s cybersecurity
1. Put on your security glasses
The first and most important thing is to think about your threat model*. For the vast majority of startups, for example, the risk of the CIA infiltrating the business is not likely or something you need to worry about. But what are your likely threats? What data do you store? And who might be interested in it? Review your business by asking the right questions. All countermeasures cost money, and energy you spend on one thing can’t be spent on another at the same time, so focus instead on the risks you might actually face.
*This is a structured approach to identifying and prioritizing potential threats to a system, and determining the value that potential countermeasures would have in mitigating or neutralizing those threats.
2. Don’t get personal – back up!
IT security is broader than just preventing unauthorised access. Another important aspect is how securely you and your colleagues manage your own information. For example, it is common for people to store their files locally on their computer. If you work in a large team and depend on the work of others, it can have a small impact on an entire working week if someone is home sick and has not put their work files in a shared storage space. And if a colleague loses their computer or it breaks down, invaluable work and data can be lost completely. So, put in place an approach to how you as an organisation manage your work to avoid huge unnecessary costs and lost time.
3. One password to rule them all
You need strong and unique passwords, and the easiest way to get them is with a password manager, such as Bitwarden, LastPass or 1Password. Choose a single strong “master password” and let the password manager generate the passwords for all your other sites. If you have the same password on all your websites, you are just one data leak away from having your logins available across the internet.
4. Beware of phishing
Phishing is one of the most common forms of cyber attack. A phisher tries to steal sensitive user data by pretending to be a trustworthy sender, such as your bank, a government agency or your mobile operator. The cybercriminal lures you with an email or text message, for example, often asking you to click on a link, which can lead to the installation of malicious software, data leaks or the freezing of your operating system as part of a larger ransomware attack. The easiest way to protect your startup from phishing or ransomware is education: introduce cybersecurity days where you go over common phishing warning signs and the importance of caution when clicking on external links sent to you.
5. Introduce simple but clear incident management
Ensure that you as an organisation know how to respond and what your ‘step by step plan’ is in the event of a data breach or any other type of data leak. The quicker you act, the better, because less is likely to be lost both in terms of important data and the reputation of your business. You can demonstrate to shareholders, the media or other key stakeholders, for example, that you have acted in accordance with your incident plan and quickly regained control of the situation. Confidence in your business and information management is therefore less damaged than it would certainly have been if you had not had any type of incident management.