Think you’re not at risk? Think again.

If you have a phone, your company is at risk of a cyberattack. 

Unfortunately, anyone with a digital presence is at risk these days. If you’re doing anything other than selling lemonade on the corner, your presence in cyberspace will be known as soon as you launch your new app or website, and you’ll be put on a cyber hit list. 

Do you know how to defend yourself? Do you know how to protect investor funds (and trust) by having an enterprise-level security strategy? Do you even know what threats you’re up against and what risks you face?

While the first two are questions for another blog, the last one we’ll answer here. Before spinning up any kind of security strategy, it helps to know why. 

Got these? Then you’re at-risk

For any company with online assets, here are some elements that make you vulnerable by default. 

An email address. Hackers go here first. Phishing is the second most common path to your data. Want to know the first? That’ll be the next bullet point, but in the meantime, you should check into a few email security solutions. 

A username and password (aka ‘credentials’). Cybercriminals stealing (or guessing) your credentials is the number one most common way they get your data, according to the Verizon 2022 Data Breach Investigations Report (this annual report is a must-read if you want a ten-minute update on the year’s most dangerous cyber threats). There are several ways to solve this: a good password manager or an entire Multi-Factor Authentication solution, to start. Or, go Passwordless. Passwords are on the way out, according to cybersecurity gurus, so go Passwordless and get ahead of the game (Cisco Duo does this). 

A phone, tablet, computer, refrigerator. Anything ‘smart’ is a liability. Doing work from your phone (like maybe every startup founder ever)? That’s a risk. Doing work from the same phone you use to play Candy Crush and do your mobile banking? That’s a HUGE risk. 

A cloud-based product. Back in the old-days (in cybersecurity talk, that’s 3-5 years ago), there was something called a ‘perimeter’. All the work was done within the perimeter – you had your computers, your servers, your workers all in the office and connected to the corporate LAN – and you could protect everything inside with a nice big firewall.

These days, you’re probably starting up operations on your phone, completely in the cloud (AWS maybe?) and have contracted developers in several different countries. They deliver the goods, you pitch the investors, and suddenly you’re looking at your first enterprise deal. They ask: I see you’re cloud-native. 

Remote workers: This is also a big one. Remote workers have really exponentiated the attack surface – in other words, they’ve increased the points at which an attacker can attack your systems because each is probably 1) on their own internet 2) on their own device 3) using personal apps on the same device as they do work (very risky) and 4) unaware of basic cybersecurity hygiene issues. This includes founders, CEOs, programmers – everyone.

Cybersecurity is its own ball of wax, and everyone needs to be protected under cybersecurity policies designed specifically with this in mind (there’s a lot of technical behind-the-scenes business here, very different from ‘on-prem’ security and even more specific in the cloud). Protecting remote workers (and the data that they have access to) should be a number-one priority for startups and anyone with a work-from-anywhere wishlist. 

The take-away: This list could go on. We still haven’t covered biometrics, social media presence (that’s a big one and hackers love to ‘be you’ online), or digital file sending (another multi-million dollar cyber puzzler among the bigger corps). But that’s just the point – cybersecurity is an ocean, and anyone with a foot in the digital water gets wet. 

There’s no preference for those who have ‘been in the game longer’ or those in the tech space. Cybersecurity threats come to all, and they usually succeed the most against the ones who expect them the least. Know what you’re up against and how to combat the threats you’re already at risk for – or find out the hard way through reputational cost, data loss, and sad experience. 

Get Cyber Secure

Here’s a pro-tip. Cybersecurity takes a lot more than a few password managers and maybe MFA (Multi-Factor Authentication) – although those are a crucial place to start. In the big leagues, enterprises have whole departments devoted to security, and require their downstream vendors and supply chain partners to have an enterprise-safe security posture in place as well. If you’re unfamiliar with the terms PKI, TLS/SSL, XDR, SFTP or CIA triad, you’d better look into hiring a Security Analyst ASAP. But again, more on that in another blog. 

There is, however, an easier way. In the business, it’s called building your SOC (security operations center) ‘in-house’ versus going with a ‘managed’ option. While that deserves a deeper dive, the short story is that – if any of this makes your head spin, you can just do what all good startups do, and hire out.

We’ll take care of your cybersecurity for you – all of it – from top to bottom and give you the same rundown, the same assessment, the same advice we give the big guys, only for a lot less.

Companies with lean IT teams can’t go easy on cybersecurity. According to Accenture’s Cost of Cybercrime Study, 43% of all cyberattacks happen to small businesses. We’ll just say that again. Forty-three percent (that’s almost half) of all cyber incidents anywhere happen to the little guys. Ransomware, for one, doesn’t pull punches for SMBs, and neither do a lot of other threats, either. 

But more on that in another blog.