As cyber threats intensify, new startups must make sure that careless mistakes aren’t leaving them vulnerable.
For this article, our definition of new startups are those that are contributing to the digital economy and not those startups in the traditional bricks and mortars. These traditional business models however, are not exempted if they propose to digitise their business startups from day one when they thought of and wants to implement the idea.
Many of the startups believes that they are too small or insignificant to be affected or they are too small to be a target. Regardless of your size and industry, an attack if it happens, can be fatal as you are totally unprepared.
We are certain that it did not cross the minds of the majority of the founding members of new startups to prioritise and implement a cyber resilient framework surrounding and within their IT architecture when they start their business. Costs could be a major issue. Having the right advice is another. Naivety thinking that hackers would not target new startups could be another, with the beliefs that there is nothing of worth for cyber criminals to target them.
The value of every startups at the initial are in the concept and its architecture. Every founder / promoter would definitely wants to protect and guard its concept mapped out in the IT architecture, from being leaked or copied by others. It’s similar to putting the ‘conceptual architecture’ locked in prison securely with round the guards patrolling and monitoring it.
As in every startups, things are normally chaotic during the initial stage with no clear demarcation of duties and responsibilities with some of the original members of the startups having to 'shoulder' 3 or 4 persons type of work. During this initial stage, every member of the staff are ‘buddies’ as all shared the same ideals, dreams and hope of the startup being successful as soon as possible. It is during this period that a lot of administrative issues tends to be overlooked.
Majority of breaches happened as a result of human error. If there is no major disagreements or discontent within the staff, then common mistakes made by the staff during this period when every member of the team called each other ‘buddies’, could include emailing attachments that contains sensitive data to the wrong person, accidentally downloading malware from an unsuspicious link, poor password practice or even naively leaking data.
When they are discontentment or disagreements that could lead to staff turnover, startups normally have poorly laid policies and procedures e.g., having the policy and strict follow up for the soon to be ex employees’ access to the systems terminated at the appropriate time.
Newly minted entrepreneurs in the digital economy should start to sit up and take notice that you could and is always a potential target for cyber criminals just like any other business or operations. Being a new startup does not mean you are not a potential target. You are not alone in what you saw in the value of your concept.