All startup founders know that the risk of a cyber security breach is very real and very serious. However, when you're constantly juggling a hundred and one things, it can be easy to let these questions slip in favour of focus on product and team, or because you don't know where to start to take back control of these risks.
We recently sat down for a Q&A with Susie Jones, CEO and co-founder of Cynch Security, to find out how she thinks about cyber risk as both a security expert and as a founder herself. She's passionate about reducing the number of small businesses who fall prey to cyber attacks each year and is committed to empowering founders to protect themselves.
Check out Susie's helpful answers to the top questions we get about how, and when, startups should be thinking about safeguarding their data, systems and intellectual property below.
A: As soon as a founder has something that is worth anything – think intellectual property, product designs, customer data, or customer contracts – they should be giving cybersecurity some real attention. The earlier you put controls and processes in place to protect what matters most, the easier it will be to scale these protections as your startup grows.
A: There are many free or very cheap controls that can be put in place that will make a material difference to your security. Things like having a policy in place to verify supplier bank details over the phone before sending payments, enforcing multi-factor authentication on every account, creating an incident response plan for the event you do fall victim... All of these things are free and quick to do.
A: Now more than ever, cyber criminals are taking advantage of people and playing on our human vulnerabilities to trick us into doing what they want. Attacks often use social engineering to generate a sense of urgency, or are sent on Friday afternoons when we’re all a bit tired, so watch out for these. The best defence to these attacks is slowing down, and generally treating all communications with a sense of suspicion.
A: As long as your business has something of value, you have something to lose from cyber attacks. Cybersecurity is a business risk that affects everyone, even if it takes different forms for each business.
Cyber attacks can be broadly classified into three areas of risk:
Confidentiality risks are highest for startups with valuable data. Integrity risks are highest for those with heavy reliance on the accuracy of data or systems. Availability risks are likely highest for startups relying on constant access to systems of information – for example, ransomware events that can remove the availability of those systems.
A: Yes! Investors should consider cyber security risk in the same way they would evaluate how a startup manages any of their business risks. It’s an important area that should not be left out.
Susie Jones is the CEO of Cynch Security - Cyber Fitness for Small Business, as well as a prominent speaker, mentor, director and advisor. As an experienced cybersecurity, risk, insurance and innovation leader, Susie is on a mission to reduce the number of small businesses who fall victim to cyber attacks here in Australia each year and is passionate about finding a way to help business leaders take back control of their risks. You can reach out to Susie via LinkedIn if you'd like to chat.