Why Security Should Be Top of Mind When Creating a Business

[Audrey McNeil <audrey () riskbasedsecurity com>]

http://www.entrepreneur.com/article/234788

The to-do list for launching a new business is incredibly long and labor
intensive. Consequently, security tasks usually fall by the wayside for
reasons like lack of funds, resources or know-how.

Because security is often at the bottom of a startup’s checklist, new
businesses are at the top of cyber criminals' target list. According to
Symantec’s 2014 Internet Security Threat Report, the number of attacks
against smaller businesses (with fewer than 250 people) nearly doubled from
18 percent in 2011 to 31 percent in 2013.

In 2013 and 2014, my company, CSID, surveyed small and medium-sized
businesses on their security practices and found little change over the
year despite the growing number of cyber attacks. In both years, my firm
found that 3 out of 10 these smaller businesses were not taking any
measures to protect against security threats. More troubling is the fact
that 43 percent of the respondents felt comfortable with their current
security measures, even if none were in place.

This year’s survey found that as smaller companies grow, they tended to
dedicate more resources to protecting their business against security
risks. While it’s encouraging to see businesses invest in security over
time, it is troubling that security is not a business imperative from the
get-go.

Security should be a priority for small and medium-sized businesses from
Day 1, as the cost of a breach can be crippling. Fraud costs, data-breach
investigation fees, reputation costs and customer-support expenditures are
just a few reasons why budding businesses cannot afford to leave security
to chance.

Here's a list of the most important security measures to consider when
starting a business -- to avoid headache and financial heartache in the
future:

1. Protect your identity. At the beginning, your business is very much an
extension of yourself, making your identity attractive to cyber criminals.
When you apply for a business license, much of the information submitted --
your name, business name, location, phone number and license -- will be
publicly available.

Cyber criminals can target new business owners (since those starting a
business likely have some money and a good line of credit) and try to
obtain credit in the company’s name. Criminals might also compromise new
business websites, as security measures are often not yet in place.

Be on high alert on personal social-media sites for social engineering
schemes. Do not connect with people you don’t personally know.

Secure new business websites with long, complicated log-ins, keep virus
software up-to-date and ensure that sensitive information is encrypted.

When you register your business, ask what, if any, information can be
omitted in public records.

Keep an eye on your personal credit score and information for any
fraudulent activity by using a credit and identity monitoring service.

2. Monitor your business credit. Most small and medium-sized company owners
know that they have a business credit score, but a majority of them do not
know what the number is. One tactic used by cyber criminals to exploit the
finances of these companies is to pose as the owner and run up credit using
the business’ name. This can ruin the line of credit for the business.
New-company owners do not tend to keep a close watch on their business
credit, which gives cyber criminals a chance to abuse it before getting
caught.

Know your business credit score and look for any suspicious changes in your
credit every month for your business' first year. After that, check every
six months.

Try a monitoring service to keep track of your business’s overall health
and mitigate the risk of a breach.

3. Use secure devices and networks. Many startups don't have an office, and
entrepreneurs rely on coffee shops, libraries and other public places as
remote worksites. When working in a public setting, make sure your device
and network are secure to keep cyber criminals from collecting sensitive
information via tactics like man-in-the-middle attacks (when someone
intercepts Internet traffic).

Make sure any cloud services you access are secure. Services like Box,Copy
and Hightail are great, inexpensive solutions for startups. Before using
any service, do your research. Any cloud vendor you use should have a
trustworthy security reputation.

Use a virtual private network (VPN) when working in a public setting. A VPN
allows you to access a secure network when you are in an otherwise insecure
place. Using a VPN can help protect sensitive communication from cyber
criminals trying to hack into devices connected to insecure, free public
Wi-Fi. There are many free and inexpensive VPN apps you can use to protect
your devices.

Make sure your mobile device does not automatically join the nearest
available Wi-Fi connection. This can put your mobile device that stores
personal and work information at risk for a man-In-the-middle attack.

As your business grows, security risks will shift, prompting the need for a
different set of security measures.

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
YourCISO is an affordable SaaS solution that provides a comprehensive information security program that ensures focus 
on the right security.  If you need security help or want to provide real risk reduction for your clients contact us!