10 Data Security Tips for Start-Ups
Manuj Aggarwal
Top Voice in AI | Helping SMBs Scale with AI & Automation | CIO at TetraNoodle | AI Speaker & Author | 4x AI Patents | Travel Lover
The news of the Equifax data breach has been at the top of the headlines, showcasing the importance of security and trust in today's businesses.
While data storage is relatively cheap, companies have failed at securing stored data. As we are seeing with Equifax, a data breach can destroy the trust and confidence a company has worked so hard to earn. In the aftermath of an attack, a company can be engaged in a legal battle with its aggrieved customers and this, of course, will cost a fortune.
Well-funded companies are known to have encountered few data security issues due to their financial capability to secure the services of astute and knowledgeable data security personnel. However, it is the opposite for low-cash start-up businesses, as they are known to be vulnerable to data breaches.
The importance of data security to start-ups cannot be overemphasized. Read through our 10 expert security tips to prevent data breaches in a cost-effective -- yet potent -- manner.
Tip 1: Enforce data security policies and guidelines
Regardless of how large or small your business set-up is, tracking employee activities and how they share, sync, and store your company’s data is fundamental.
Due to technological advancements and workforce mobility, it has become difficult to track where critical data ends up. Cloud storage and synchronization tools have increased the risks associated with data breaches, as employees unknowingly share secured files when working outside the organization.
Data encryption practices, storage locations, and the personnel who have the right to access the data should be clearly stated. It is therefore imperative that a well-structured data security policy and file sharing guidelines are in place prior to start-up.
Tip 2: Ensure that all stored/resting data is appropriately encrypted
Using a strong data encryption scheme such as AES-256, which requires a security key before granting access to a database, is highly recommended. Whenever your data is stored and unused, it must be encrypted. In the event of a cyber attack, it will be impossible to gain access to your database without that decryption key.
Tip 3: Make sure you Hash and Salt all passkeys
Hashing means storing data in a one-way transformed form, while salting means adding text to a passkey before hashing and storing it.
Whenever you receive data that is not yours, such as a passcode, it must be hashed so that -- if someone gets ahold of it -- it will be difficult to recover and use it. Moreover, salting will make it extremely difficult to decode the passcode.
Tip 4: Make use of UTM devices
UTM means Unified Threat Management. A UTM device is often referred to as an all-in-one device because of its ability to combine the functions of multiple devices. A comparable example is purchasing a combined scanner/printer/photocopier instead of acquiring individual devices.
A UTM device is also renowned for its varied applicability as a VPN gateway, proxy server and firewall to mention a few. It can shield local and remote network users all at once without compromising security levels for a company’s employees. Therefore, investing in a UTM device is highly recommended for a start-up company.
Tip 5: Carry out routine penetration tests
When it comes to technology, no tool or strategy can be 100 percent satisfactory. Hence, a vulnerability analysis is necessary, especially for start-ups that lack the financial capacity to set up hi-tech security systems.
For example, if a new company launches an application that collects secured data such as credit card information, it is essential to carry out a real-life breach test prior to starting. This test will help assess the responsiveness of the existing security system.
It is best to perform this exercise when all is set, data safety systems are live, and after every major software upgrade. It is good practice to carry out the assessment using various cost-effective security consulting firms with different approaches to ascertain the safety of data after an attack. Pro-activity is the key.
Tip 6: Say no to session riding/one-click attack
Session riding/one-click attack is also known as cross-site request forgery (CSRF) or XSRF. In this cyber-attack, a malicious web site or application rides on a user's authenticated web session and uses it to execute unauthorized actions on his or her behalf.
A typical example is changing an administrator’s password without their consent. To start with, using WordPress to drive your web technology is advisable because it uses a BulletProof Security (BFS) plugin which tackles CSRF. You can also make use of the CloudFlare tool, or both options where necessary.
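The sketch below shows one common CSRF defense for the password-change case above: a token tied to the user's session that every state-changing request must carry. It is an added example, not code from the article or from any plugin it names; the function names, the token format, and the handler are hypothetical.

```python
import hashlib
import hmac
import secrets

# Assumed: a per-deployment secret that never leaves the server.
SERVER_KEY = secrets.token_bytes(32)


def _mac(session_id: str, nonce: str, key: bytes) -> str:
    # Length-prefix the session id so (session, nonce) pairs cannot collide.
    message = f"{len(session_id)}:{session_id}:{nonce}".encode("utf-8")
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def issue_csrf_token(session_id: str, key: bytes = SERVER_KEY) -> str:
    """Token embedded in the server's own forms: random nonce + MAC over it."""
    nonce = secrets.token_hex(16)
    return f"{nonce}.{_mac(session_id, nonce, key)}"


def is_valid_csrf_token(session_id: str, token: str, key: bytes = SERVER_KEY) -> bool:
    """Accept the token only if it was issued for this exact session."""
    nonce, sep, mac = token.partition(".")
    if not sep or not nonce or not mac:
        return False
    expected = _mac(session_id, nonce, key)
    # Compare as bytes in constant time; str input could raise on non-ASCII.
    return hmac.compare_digest(mac.encode("utf-8"), expected.encode("utf-8"))


def handle_password_change(session_id: str, form: dict) -> int:
    """Hypothetical handler: returns an HTTP status code for the request."""
    if not is_valid_csrf_token(session_id, form.get("csrf_token", "")):
        return 403  # forged cross-site request: the session cookie alone is not enough
    # ... the password would be changed here ...
    return 200


if __name__ == "__main__":
    # Constructed session identifiers for the demonstration.
    token = issue_csrf_token("session-admin")
    print(handle_password_change("session-admin", {"csrf_token": token}))  # own form
    print(handle_password_change("session-admin", {"new_password": "x"}))  # no token
    print(handle_password_change("session-other", {"csrf_token": token}))  # wrong session
```

A forged request sent from another site arrives with the victim's cookie but without a valid token, so the handler rejects it.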
Tip 7: Avoid XSS
XSS, or cross-site scripting, is a computer security attack that is found on web applications. It allows an attacker to bypass access controls and inject malicious code into your app or website. This code enables a remotely controlled attack. For example, the attack occurs when a cyber thief embeds some JavaScript in his user profile that launches tracking algorithms from the thief’s covert hacking site.
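The profile scenario above, as an added example that is not part of the original article: an unsafe renderer next to a hardened one that escapes user-supplied text and allow-lists link schemes. The profile fields, function names, and the tracker.example domain are constructed for illustration.

```python
import html
from urllib.parse import urlsplit

ALLOWED_SCHEMES = ("http", "https")  # assumed policy: absolute web links only


def render_profile_unsafe(profile: dict) -> str:
    """Vulnerable: user-controlled strings are pasted straight into the HTML."""
    return f'<h2>{profile["name"]}</h2><a href="{profile["website"]}">site</a>'


def safe_link(url: str) -> str:
    """Return the URL only if its scheme is allow-listed, else a harmless '#'."""
    url = url.strip()
    try:
        scheme = urlsplit(url).scheme.lower()
    except ValueError:
        return "#"  # unparseable URL: drop it
    return url if scheme in ALLOWED_SCHEMES else "#"


def render_profile(profile: dict) -> str:
    """Hardened: escape text for HTML and attributes, validate the link."""
    name = html.escape(profile["name"], quote=True)
    href = html.escape(safe_link(profile["website"]), quote=True)
    return f'<h2>{name}</h2><a href="{href}" rel="noopener noreferrer">site</a>'


if __name__ == "__main__":
    # Constructed profile: a script tag in the name, a script URL as the link.
    profile = {
        "name": '<script src="https://tracker.example/t.js"></script>',
        "website": "javascript:void(0)",
    }
    print(render_profile_unsafe(profile))  # browser would load the script
    print(render_profile(profile))         # rendered as inert text, link neutralized
```

Escaping alone does not stop a `javascript:` URL placed in an `href`, which is why the link gets a separate scheme check.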
Tip 8: Embrace investment in insurance
According to data security experts, a hell-bent hacker will surely find a chink in data safety setups, which means there is no 100-percent protection against a data breach. Therefore, preparing for the aftermath of an attack, should one occur, is very important. After a data hack, a manager would be obliged to inform his or her customers about the situation, and this could result in a disaster for the start-up.
The company could lose its customer base or get sued alongside external contractors. Therefore, subscribing to Professional Liability Insurance (PLI), also known as Errors and Omissions policies, is right for start-ups because it ensures that companies do not solely defend claims of negligence made by aggrieved clients.
Tip 9: Train your staff adequately
Cyber education is vital. Ensure that your workers are appropriately trained such that they think before they click, know how to recognize authentic links, avoid visiting suspicious web pages and -- most importantly -- avoid plugging just any USB drive into your company’s computers.
Tip 10: Avoid injections and use only secured servers
Insecure servers increase the vulnerability of your security systems. Therefore, it is important to use only servers that are secured against hacking and will readily reject malicious code injections.
A breach in security could mean the end of the business you have labored so hard to grow. Protect your data today and take security seriously.
About Manuj Aggarwal
Manuj Aggarwal is an entrepreneur, investor and a technology enthusiast who likes startups, business ideas, and high-tech anything. He enjoys working on hard problems and getting his hands dirty with cutting edge technologies. In the last few years, he has been a business owner, technical architect, CTO, coder, startup consultant, and more. Learn more about Manuj's consulting services and courses at tetranoodle.com.