Kaspersky shares common cybersecurity pitfalls for startups to avoid

Kaspersky shares common cybersecurity pitfalls for startups to avoid 

By: Contributor
Thought Leadership

Cybersecurity company Kaspersky highlights some typical cybersecurity mistakes committed by startups and how they can avoid them.

Author: Kaspersky

Some of the most successful companies today began their journey as startups. They usually start with a brilliant idea or a new technology that promises to solve a problem to rethink the way we do business. The Middle East region is no stranger to startups, according to Forbes, this year’s 50 Most-Funded Startups in MENA have raised nearly $3 billion in total funding. 

Startup owners often draw attention to issues of business planning, marketing strategy and attracting additional investment, but do not address the need to build a solid cybersecurity system. The lack of a clear understanding of threats can cost a startup a potentially successful business. Here are some typical cybersecurity mistakes committed by startups:

Excessive access rights

Often when a startup employee needs access to corporate resources or services, they immediately get administrator rights. The person who shares those access rights usually thinks it’s easier to give access to everything once, without understanding the real needs of a particular employee and his responsibilities, than get new requests for access every week. But the more access rights an employee has, the chance of an error grows. If you want to minimize the number of cyberincidents, each workflow participant should have only those access rights that are necessary for their tasks.

Lack of proper storage and backup.

Data backup is a way to securely archive your important information such as classified documents for your business. These backup copies are important because they allow you to recover the data in case of an unplanned event, such as a cyberattack. 

Forgotten passwords

Another common problem is forgotten passwords for corporate social networks or other rarely used services. Perhaps a new staff member sets up a Facebook or LinkedIn account to help promote the business, but fails to share the account details with other members of staff, then promptly leaves for another role – the login credentials have gone, with little chance of recovery.

Shared passwords

Some people may think that with high turnover it may be a good idea to use shared accounts. But the more people know a password, the more likely it leaks due to phishing, negligence or malicious intent. In addition, it greatly complicates the investigation of an incident, when it happens. Let’s say it turns out that someone has gained access to an account – the experts suspect that the password was intercepted by malware and wants to check the computer of an employee who had access. Only to find that everyone had!

Passwords in cloud services

Another password-related mistake is to store them in some file in Google Docs, as incorrect setup means it’s usually accessible by anyone with the link. The obvious advantage is that it is very convenient to transfer the necessary information to all employees, it is enough to put all the necessary passwords in one document and send a link. However, such Google documents can be indexed by search engines. In other words, the file with all your passwords could potentially fall into the wrong hands.

Lack of two-factor authentication

Some of the problems associated with passwords would be less dangerous if startups did not neglect two-factor authentication on work accounts. This allows you to protect important data from various theft methods, such as phishing. First of all, two-step protection should be put on all financial services.

To avoid the ‘typical’ mistakes that many small businesses and start-ups make, try to follow these tips:

  • When it comes to granting access to resources or services you should follow the least privilege principle. That is, an employee must have the minimum set of access rights — enough only to perform their tasks.

  • Know exactly where your startup’s important information is stored, and who has access to it. Back up all your important information and develop guidelines when hiring new employees, including clearly defining which accounts are needed for each employee, and which ones should be limited only for certain roles.

  • Mature corporate cybersecurity culture helps to prevent many cyberthreats. You can start with creating a cybersecurity manual for employees so that everyone is on the same page. 

  • All passwords must be stored in a secure password manager. It will help your employees not to forget or lose them and also to minimize the chance that an outsider will get access to your accounts. Also use two-factor authentication mechanisms wherever possible.

  • Advise your employees to lock their computer when they walk away from the desk. They should keep in mind that an office can be visited by all kinds of third parties, including couriers, clients, subcontractors or job seekers.

  • Consider installing antivirus software in order to protect devices from viruses, trojans and other malicious programs

A large number of threats can be prevented with Kaspersky Small Office Security. This solution not only protects your employees’ devices from ransomware and other common cyberthreats, it also includes a password manager.

You might also like