Some of today’s most successful companies started their journey as startups. They usually start with a brilliant idea or a new technology that promises to solve a problem to rethink the way we do business.
The African region is no stranger to startups, where reports suggest that African startups raised nearly $5 billion in total estimated funding from 740 deals last year, mostly in tech startups.
This is an increase of over 250% from the total estimated funding of $1.3 billion raised in 2020.
Startup owners often draw attention to issues of business planning, marketing strategy, and attracting additional investment, but fail to address the need to build a strong cybersecurity system.
Lack of a clear understanding of threats can cost a startup a potentially successful business. Here are some typical cybersecurity mistakes made by startups:
#1 Excessive access rights
Often, when a startup employee needs access to company resources or services, they are immediately granted admin rights.
The person who shares these access rights generally thinks that it is easier to grant access to everything once, without understanding the real needs of a particular employee and their responsibilities, than to obtain new access requests. every week. But the more access rights an employee has, the greater the risk of error.
If you want to minimize the number of cyber incidents, each participant in the workflow should only have the access rights necessary for their tasks.
#2 Lack of proper storage and backup
Data backup is a way to securely archive your important information such as classified documents for your business. These backup copies are important because they allow you to recover data in the event of an unforeseen event, such as a cyberattack.
#3 Forgot passwords
Another common problem is forgetting passwords for corporate social networks or other seldom-used services.
Maybe a new staff member creates a Facebook or LinkedIn account to help promote the business, but doesn’t share the account details with other staff, then quickly leaves for another role – credentials connection disappeared, with little chance of recovery.
#4 Shared Passwords
Some people may think that with high turnover it might make sense to use shared accounts. But the more people know about a password, the more likely it is to leak due to phishing, negligence, or malicious intent. Moreover, it greatly complicates the investigation of an incident, when it occurs.
Let’s say it turns out that someone has accessed an account – experts suspect that the password was intercepted by malware and want to check the computer of an employee who had access to it. Only to find that everyone had done it!
#5 Passwords in cloud services
Another password-related mistake is storing them in a file in Google Docs, because misconfiguration means it’s usually accessible to anyone with the link.
The obvious advantage is that it is very convenient to transfer the necessary information to all employees, it is enough to put all the necessary passwords in one document and send a link.
However, these Google documents can be indexed by search engines. In other words, the file containing all your passwords could potentially fall into the wrong hands.
#6 Lack of two-factor authentication
Some of the password issues would be less dangerous if startups didn’t overlook two-factor authentication on business accounts.
This allows you to protect important data from various theft methods, such as phishing. First, two-step protection should be put on all financial services.
To avoid the “typical” mistakes that many small businesses and start-ups make, try following these tips:
- When it comes to granting access to resources or services, you should follow the principle of least privilege. That is, an employee must have the minimum set of access rights, sufficient only to perform their tasks.
- Know exactly where your startup’s important information is stored and who has access to it. Back up all your important information and develop guidelines when hiring new employees, including clearly defining which accounts are needed for each employee and which should be limited only for certain roles.
- A mature corporate cybersecurity culture helps prevent many cyber threats. You can start by creating a cybersecurity manual for employees so that everyone is on the same page.
- All passwords should be stored in a secure password manager. This will help your employees not forget or lose them and minimize the risk of a stranger gaining access to your accounts. Also use two-factor authentication mechanisms whenever possible.
- Advise your employees to lock their computers when they leave the office. They should bear in mind that an office can be visited by all sorts of third parties, including couriers, customers, contractors or job seekers.
- Consider installing antivirus software to protect devices against viruses, Trojans, and other malicious programs.
Many threats can be avoided with Kaspersky Small Office Security. This solution not only protects your employees’ devices against ransomware and other common cyber threats, but it also includes a password manager.