Add another layer to your #Business literacy. We at Serebral360° would love to know if the Forbes – Entrepreneurs article was helpful, leave a comment, like and share. Let’s dive in and discuss the information and put it to use to grow your business. #BusinessStrategy #ContentMarketing #WebDevelopment #BrandStrategy
Info@serebral360.com 762.333.1807 www.serebral360.com
Grap a copy of our NEW Business Stratgety Books #FFSS VOL1 and #FFSS VOL2
Amid the exuberance of the startup process, it’s easy to forget about the importance of cybersecurity. According to a 2015 report from the U.S. Securities and Exchange Commission, only 29% of companies with less than 50 employees understand the steps needed to improve their cybersecurity efforts, a number much lower than more established companies. However, some things cannot be deferred until later if your business is to survive.
Here are four cybersecurity priorities that every startup needs to embrace from day one, based on what I have practiced from the first day my own company opened for business in 2014.
1. Build a culture of cybersecurity.
When it comes to protecting sensitive data and intellectual property (IP), it’s often the people in the office who are the most significant risk. Negligence and indifference leave companies with compromised security, and, as a recent ShredIt analysis concluded, “On the path to total information security, the biggest obstacle U.S. companies face is their own staff.”
In other words, cybersecurity isn’t just an infrastructure issue. It’s a cultural one.
To be fair, most organizations lack a cultural ethos that prioritizes cybersecurity, but a startup is in a unique position to fix this mess before it impacts their company. When cybersecurity is a priority for the company’s founders and initial team, those norms more easily extend to new team members as the company grows.
In contrast, a lackadaisical approach to protecting data and IP can become normative, potentially infecting a company’s culture until it’s too late.
2. Embrace accountability while valuing privacy.
In a culture that rightly values cybersecurity, accountability is critical. It’s not enough just to talk about protecting data and IP; startups need to implement the right infrastructure to ensure that there is follow-through at every level. For many companies, this means turning to some iteration of employee monitoring software. Since most work is digital and transferable, this can be a valuable way to protect customer data and sensitive IP.
However, startup companies are uniquely predicated on a sense of teamwork and togetherness, often embracing a mission that extends beyond the company’s business priorities. Monitoring initiatives can make employees feel spied on or untrusted, and especially for startups, this perception can be devastating.
Fortunately, it’s possible to value employee privacy while still prioritizing cybersecurity. To avoid a cultural meltdown, ensure that your company:
• embraces a top-down approach to monitoring where all employees, even founders and management, follow the same monitoring protocols.
• restricts data collection to specific, data-centric applications.
• enables auto-redaction and masking of personal data.
• declines to make monitoring reports evaluative.
From the very beginning, every member of a startup needs to be accountable for data security, but that doesn’t mean that oversight has to be invasive.
3. Plan for regulatory compliance.
In May 2018, Europe’s expansive and extensive General Data Protection Regulation (GDPR) came into effect and changed the regulatory landscape for all companies. Now, any business that wants to do business with European citizens has an explicit obligation to protect their data and to respect their privacy, something that every startup should embrace from day one.
More importantly, regulations like GDPR are poised to become more popular and prominent, not less.
In 2020, California’s sweeping privacy law goes into effect, bringing EU style regulation to the United States. In addition, 19 African countries have enacted data protection regulations, ensuring that every continent has some form of governmental oversight.
Taken together, 58% of all countries have legislation that protects user privacy in the digital age. As consumer trends follow a similar trajectory, it’s clear that startups need to prioritize global privacy regulations as a holistic component of their cybersecurity initiatives.
4. Provide continual education on security best practices.
Today’s digital environment is perilous, but it isn’t stagnant. New threats are continually emerging, and today’s best practices ignore tomorrow’s vulnerabilities. Therefore, startups need to adopt cybersecurity training initiatives that are continual and ongoing.
Ultimately, awareness and training decreases risk and makes the company more secure. As reported by the Society for Human Resource Management, “Every time a company trains, its risk of falling prey to a successful phishing attack decreases by 20 percent.”
Specifically, all team members need to understand the cybersecurity risks that are relevant to their business, the most effective ways to prevent a breach and the threat landscape that evolves as the company matures. For startups, a data-driven approach to training can ensure that the company’s technological idiosyncrasies and general culture align with cybersecurity best practices. Ensure that training is relevant and timely, always preparing employees to protect user data and IP.
In a professional context, few things are as exciting as initiating a startup. It’s a scary process with many challenges, but the opportunity to build and develop the next great platform makes the entire process worth it.
While nobody can guarantee that a startup will succeed, embracing the wrong priorities can help ensure that it will fail. Cybersecurity has to be at the top of every startup’s to-do list, and by adopting the right priorities from day one, they can position themselves to pursue their more prescient initiatives.
May 29, 2019 at 08:35AM
Forbes – Entrepreneurs