Cyber Security and Data Privacy 101 for Early Stage Founders

Cyber Security and Data Privacy 101 for Early Stage Founders

When well-known companies have security breaches, particularly when it affects their customers, it dominates headlines. As a result of their 2013 attack, Target lost nearly $300 million.1 Uber settled their 2016 data breach investigation for $148 million.2 These large companies are an obvious target with tens of millions of users.

However, the reality is any size company can fall victim to hackers. In fact, some hackers prefer smaller and newer businesses, because they are easier targets with less security. As VP of Business Development at cloud security company Avanan Michael Landewe puts it, “If you make money, someone will abuse weak security practices to take that money.”

Cyber security can feel unnecessary when you’re getting started but building a strong foundation can save you a lot of time, money, and frustration. It’s easy to ignore a threat that you can’t see. Lytical Ventures partner Lucas Nelson says a mistake he often sees is startups treat cyber security like other “technical debt” – where you create a quick and dirty solution for a quick win. The problem with security is the damage can be irreversible or too costly.

Think of it like dental hygiene. You could probably get away with ignoring it for a while, use gum and mints to fool people, but eventually you’ll have to deal with a bigger, more painful, more costly problem like a root canal – or even complete replacement of the teeth. The last thing you want is to be rewriting your product for security when you should be rewriting for scale.

Data Privacy

Every company with customers should care about data privacy – also known as information privacy. Though the term “data privacy” is new, the concept has been around for a long time. Think about doctor/patient confidentiality or attorney/client privileges. You should protect your customer’s private information – even if it’s just their email address – like it’s your own.

Beyond ethical reasons, it’s just good business sense. Repeat business costs less than customer acquisition, and one easy way to lose a customer’s trust is compromising the privacy of their personal information. Additionally, the ability to share or sell information is becoming increasingly illegal and can be costly for your business. Target can afford hundreds of millions of dollars in settlements, most startups can’t. There are also regulations that to be considered. The new GDPR rules have fines based on your revenue (vs. profit), which could also devastate a startup.

Cyber Security

“Every company is becoming a technology company.” It’s been said so much, we can’t even find the original source. While there still may be some artisans or mom and pop shops that deal only in cash and track their transactions with pencil and paper, every startup with venture scale potential is operating with technology. Cyber security describes the measures taken to protect your data from criminal or unauthorized use.

On top of your customer’s data, you need to protect your intellectual property. Whether you’re inventing new technology or simply building an app for your users to access your product or service, you want to ensure your IP isn’t compromised. Encrypt everything from the beginning and don’t take short cuts that could come back to haunt you later.

Getting Started

If this feels foreign to you, then you are not the person to take charge of your startup’s cyber security and data privacy needs. Consider bringing in a technical co-founder or hiring an expert to make sure your company is safe from threats. In the meantime, here are some quick tips to get you started:

If you’re not confident in the status of your security, don’t wait to address it. When asked what the biggest mistake a startup can make regarding their cyber security Landewe said, “Putting it off another day, because they think they’re too small or that their customers won’t care.” Your customers care and you are not too small – secure your startup from cyber threats today.

Other Resources

OWASP Top Ten (broad consensus about the most critical security risks to web applications)

Dark Reading (hacker blog)

Sources

  1. https://www.thesslstore.com/blog/2013-target-data-breach-settled/
  2. https://www.nytimes.com/2018/09/26/technology/uber-data-breach.html

Questions or Comments?  Reach out to EGFS

Follow Us: @EarlyGrowthFS

Recent Posts:

3 Simple Ways to Differentiate Yourself as a Networker

15 Noteworthy Acquisitions in 2018

Financial Planning: Essentials For Startups That Mean Business

chatCONTACT US today for a free consultation to discuss the financial pain points of your business.