Four Easy to Implement Security Tips for Your New Startup

When your startup is first getting off the ground, it’s easy for your focus to be pulled in a thousand different directions at once. You practice your pitch so much that you start murmuring it in your sleep. You dive into market research that helps you craft your buyer personas, and keep your finger on the pulse of what is actually working for your customers. One thing that often gets left in the dust? Security.

What can you do to make sure that you don’t become another statistic? We’ve put together a few quick tips for your startup to help you keep your eye on the ball.

1. Strong Password Requirements

It seems like everywhere you look, this is the first piece of advice you get: make sure you require both your customers and your employees to use strong passwords. There’s a good reason for that. Strong passwords discourage increasingly common brute-force attacks. Requiring users to incorporate punctuation, a mix of numbers, letters, and capitalization into their passwords increases the difficulty of the problem exponentially.

Furthermore, if your requirements are unique enough, it will force users to come up with something new, and hopefully different than they’ve used on other sites and services. While brute-force techniques are definitely a threat, the fact of the matter is that 73% of online accounts are guarded by duplicate passwords, and not only that but almost half of people use passwords that are at least five years old.

Remember those data breaches we talked about earlier? Usernames and passwords are out there, and many of them still work.

2. Consider Social Logins

One thing you can do to take a bit of the load off of your shoulders is to consider using social logins from Google, Facebook, LinkedIn, and more. There’s a lot of good reasons to offload account protection onto these enormous companies. For one, login credential and password reset requests comprise anywhere between 20-50% of customer support volume for an online business, according to Janrain, and a password-related support request costs on average about $70.

Social logins make things easier for your users—they don’t have to go through the inconvenience of filling out a new registration form and are much more likely to get through to your actual service. This lets you leave security up to the big boys and focus on your core business.

3. Secure Your Network

In general, a wired network is going to be the most secure, because you know who is connected to it at any given time. But these days, that’s not practical for most companies. While a wireless network gives us a lot of freedom to use a variety of devices and change locations, it also can open the door for some uninvited guests.

In 2012, Joshuah Allen Witt was given an 8-year sentence for stealing over $3 million from up to 50 local Seattle businesses, operating a crime ring that targeted and breached their networks using their Wi-Fi networks. Good password practices are the first step, but you may want to consider more advanced measures, depending on what data you are trying to protect. Talk to your Internet Service Provider (ISP) to discuss what options are best for your needs.

4. Train Your Employees in Best Practices

According to Entrepreneur, about 14 percent of global data breaches in 2015 came from within the business’s network firewall. In other words, no matter what kind of protection you have in place, you need to put your employees in a position to succeed, and that means getting them on the same page about security.

Employees should know who should be in the office and be able to spot a fishy situation. Witt’s Seattle crime ring did a lot of breaches over Wi-Fi, but a few jobs were pulled off by physically breaking in and installing malware.

Training should include the basics of strong passwords, how to identify a suspicious link or attachment and how to keep control of your devices. Most importantly of all, be sure to emphasize that employees should have separate login information for work accounts than they have for their personal ones.

Finally, be sure that everyone is clear on company policy and that you immediately deactivate access of anyone that leaves the company. A disgruntled ex-employee with an active account can cause some serious damage.

What You Can Do Right Now

Security is serious business, and it’s important that your startup is on top of it from day one. Data breaches are on the rise, and hackers no longer distinguish between small businesses and bigger targets. Luckily, there are some simple steps you can take to make sure that you’re covered:

  • Make sure that you require strong passwords, from both your customers and your employees, and see if you can find ways to discourage password reuse.

  • Consider offloading security to the big boys with social logins.

  • Take extra steps to secure your network.

  • Train your employees on security best practices.
Scroll to Top