…according to retired Rear Adm. Ken Slaght, president of San Diego Cyber Center of Excellence, a nonprofit dedicated to accelerating the region’s cybersecurity economy and positioning it as a global hub for cyber innovation.
1. Understand the risks
Businesses of all sizes are susceptible to attacks, but entrepreneurs are particularly vulnerable. Startups often operate on a lean budget with a flexible structure and a skeleton crew, but you can improve security without breaking the bank. Start with the following: Identify your IT system’s top vulnerabilities, implement relevant security infrastructure (including routine checks), develop a crisis management response protocol, and train your staff on all of the above.
There have been more than 850 hacks — more than 29 million records exposed — so far in 2016, according to the Identity Theft Resource Center.
2. Have strong, unique passwords
Yes, it’s annoying to have 40 different passwords that change regularly, but just do it, OK? Make your whole team do it, monthly, no exceptions. To remove the guesswork, try using a random password generator (these come free with purchase of Norton or McAfee products). Record and organize your passwords with an encrypted online app such as iVault, LastPass, KeePassX and Sticky Password, which safeguard your info and back up to the cloud.
3. Maximize anti-fraud capabilities
If there’s one thing startups should invest in, it’s a fraud management filter to flag potentially criminal transactions. Verified by Visa or MasterCard SecureCode will shift fraud liability away from your business. If you are purchasing or managing payment transactions, implement an official process to perform manual checks before order fulfillment to accept or reject each one individually. Check your statement alongside invoices: Billing information should appear complete, accurate and identical on all documentation before an order is fulfilled.
4. Don’t forget mobile
Our phones and tablets have become so integral to our routines that it’s easy to forget they contain a treasure trove of company data and present enormous security vulnerabilities. Mobile devices are at the top of the hit parade for hackers, and are one of the weakest links in corporate security protocol. Implement the same protection measures on personal and company mobile devices as you use on company desktops and the web.
5. Monitor your site regularly
Many hacks are designed to avoid detection, so it can be easy to miss the signs of a breach if you’re not actively looking for one. Regularly scan your entire website for irregularities, paying particular attention to unused media files and seemingly extraneous code, as hackers often embed code in hidden files and insert malicious links within seemingly innocuous code.