Startups move fast, and aren’t always thinking about data security as they rush to get a MVP to market. But they should.
Data security is increasingly important. As a new business, a mistake in this area can shut down the company. To help combat the common mistakes, I asked 10 entrepreneurs from YEC the following question:
What’s the biggest mistake you see tech startups making in terms of data security right now and why?
1. Blurring the lines between personal and professional devices
Bring your own device (BYOD) has gained popularity over the last few years, especially in the startup space. Nobody wants to carry multiple smartphones and constantly utilize different mobile operating systems to check email and manage calendars. However, the security risk is often overshadowed by convenience. Employees’ personal devices have access to and store confidential corporate data directly on the device. When an employee leaves an organization, that information is still present on their device and can be accessed indefinitely. In terms of data security this is a major mistake. – Nick Chasinov, Teknicks
2. Neglecting two-factor authentication
Two-factor authentication – the system that sends your mobile phone a text message with code that you enter upon logging into a new website – is a simple but often overlooked first step. All major business platforms offer this now including Google Apps for Work and Salesforce. Even social networks make this functionality available at the flick of a switch. With password breaches becoming more common, it’s only prudent to add a second layer of protection on the sensitive information that is stored in web-based software. – David Ciccarelli, Voices.com
3. Having inadequate exit protocols
Companies that rely on large fleets of part-time employees or contractors are especially prone to security breaches or data lapses if they don’t carefully follow a standard exit procedure. Confidential information, account access and other data loss can easily occur when your company’s data remains resident on those peoples’ devices. People forget it’s even there, and may not take security as seriously on their personal devices. Protect your and your customers’ information by doing some work ahead of time with your legal advisors. – David Mainiero, InGenius Prep
4. Not having SSL from the start
SSL (Secure Sockets Layer) is easy to implement from the start. Every website should have it integrated as standard. It provides assurance to your users and, of course, a higher level of security for communications. – Peter Boyd, PaperStreet Web Design
5. Not making security a priority from the very beginning
Startups often fall into the trap of thinking they can deal with security later, when their company is larger. The problem with not taking security seriously from the beginning is that security is not built into the company’s DNA, making it a more difficult issue to deal with when it is finally faced. – Matthew Weinberg, Vector Media Group
6. Putting product development ahead of security
Getting a viable product in front of users is the No. 1 priority of startups, which can lead to lapses in security in the early days of development. Building secure systems is a painstaking process that can get in the way of product development. But if a startup takes shortcuts, this will come back to bite them in the future.Security and privacy should be primary goals from the start. – Vik Patel, Future Hosting
7. Lack of cloud drive policies
Cloud Drives like Box, Dropbox and Google Drive are a fantastic way to keep your team in sync and manage documents. However, they can be vulnerable to viruses, ransomware and unauthorized access if they are not locked down properly. The fact files can be so easily shared and synced via Cloud Drives is their main vulnerability, meaning anti-virus, backups, email attachment, password and access policies must be in place before allowing one user to cause problems for the whole company. – Matt Knee, MyNewCompany.com, Inc.
8. Not staying up-to-date with security practices
Technology changes fast and so do security practices. Security standards from 5-10 years ago should not be used anymore. Many startups don’t bother keeping up with the latest security updates and end up using old encryption algorithms or outdated techniques that can be abused by hackers and malicious actors. – Dan Sapozhnikov, AdGate Media
9. Lack of internal infrastructure and policies
Tech startups have a strong advantage when it comes to data security because they aren’t encumbered by legacy systems, and instead are able to apply best practices from the start. As a result, their products have never been more secure. But while they’re more secure, internal practices and protocols at tech startups have lagged behind. Credential sharing, limited use of single sign on, and poor password policies are all common examples of tech startups mistakenly not focusing enough on their own internal infrastructure and policies and the impact that it has on their data security. – Michael Saffitz, Apptentive, Inc.
10. Not having notifications for suspicious activity
Six months ago I was the victim of a data breach that almost led to considerable financial distress. First, I used the same weak password across multiple organizations and for personal use. Someone guessed the password and multiple entities were quickly breached. This situation could have been avoided if I simply maximized password strength. Second, I learned that many systems have advanced data security tools to help mitigate data breaches. For instance, on Google Apps for Business I set up notifications to be alerted when suspicious activity occurs. Theses steps greatly maximize data security. – Kristopher Jones, LSEO.com