Some of the most successful companies today began their journey as startups. They usually start with a brilliant idea or a new technology that promises to solve a problem to rethink the way we do business.
The African region is no stranger to startups, where reports suggest that African startups raised near $5 billion in total estimated funding from 740 deals last year, predominantly in tech startups. This is more than a 250% increase from the $1.3-billion estimated total funding raised in 2020.
Startup owners often draw attention to issues of business planning, marketing strategy, and attracting additional investment, but do not address the need to build a solid cybersecurity system. The lack of a clear understanding of threats can cost a startup a potentially successful business.
Here are 6 typical cybersecurity mistakes committed by startups:
#1 Excessive access rights
Often when a startup employee needs access to corporate resources or services, they immediately get administrator rights. The person who shares those access rights usually thinks it’s easier to give access to everything once, without understanding the real needs of a particular employee and his responsibilities, than get new requests for access every week. But the more access rights an employee has, the chance of an error grows.
If you want to minimise the number of cyber incidents, each workflow participant should have only those access rights that are necessary for their tasks.
#2 Lack of proper storage and backup
Data backup is a way to securely archive your important information such as classified documents for your business.
These backup copies are important because they allow you to recover the data in case of an unplanned event, such as a cyberattack.
#3 Forgotten passwords
Another common problem is forgotten passwords for corporate social networks or other rarely used services.
Perhaps a new staff member sets up a Facebook or LinkedIn account to help promote the business, but fails to share the account details with other members of staff, then promptly leaves for another role – the login credentials have gone, with little chance of recovery.
#4 Shared passwords
Some people may think that with high turnover it may be a good idea to use shared accounts. But the more people know a password, the more likely it leaks due to phishing, negligence, or malicious intent.
In addition, it greatly complicates the investigation of an incident, when it happens. Let’s say it turns out that someone has gained access to an account – the experts suspect that the password was intercepted by malware and wants to check the computer of an employee who had access. Only to find that everyone had!
#5 Passwords in cloud services
Another password-related mistake is to store passwords in some files in Google Docs, as incorrect set up means it’s usually accessible by anyone with the link. The obvious advantage is that it is very convenient to transfer the necessary information to all employees, it is enough to put all the necessary passwords in one document and send a link.
However, such Google documents can be indexed by search engines. In other words, the file with all your passwords could potentially fall into the wrong hands.
#6 Lack of two-factor authentication
Some of the problems associated with passwords would be less dangerous if startups did not neglect two-factor authentication on work accounts.
This allows you to protect important data from various theft methods, such as phishing. First of all, two-step protection should be put on all financial services.
Internet security experts Kaspersky says that to avoid the ‘typical’ mistakes that many small businesses and start-ups make, try to follow these tips:
- When it comes to granting access to resources or services you should follow the least privilege principle. That is, an employee must have the minimum set of access rights — enough only to perform their tasks.
- Know exactly where your startup’s important information is stored, and who has access to it. Back up all your important information and develop guidelines when hiring new employees, including clearly defining which accounts are needed for each employee, and which ones should be limited only for certain roles.
- Mature corporate cybersecurity culture helps to prevent many cyber threats. You can start with creating a cybersecurity manual for employees so that everyone is on the same page.
- All passwords must be stored in a secure password manager. It will help your employees not to forget or lose them and also to minimise the chance that an outsider will get access to your accounts. Also, use two-factor authentication mechanisms wherever possible.
- Advise your employees to lock their computers when they walk away from the desk. They should keep in mind that an office can be visited by all kinds of third parties, including couriers, clients, subcontractors, or job seekers.
- Consider installing antivirus software in order to protect devices from viruses, trojans, and other malicious programs.
Edited by Zintle Nkohla
Follow Zintle Nkohla
Follow IT News Africa