MicroVentures Logo MicroVentures Logo MicroVentures Logo MicroVentures Logo

What Investors Look for Beyond Financials: Information Security

data/information security for startupsToday we’re continuing to explore what VCs and other investors seek in startups before they decide to invest. We’ve already mentioned the importance of having a strong management team and up-to-date social media profiles, but what about protecting confidential information?

It seems that reports come out almost daily about data breaches or corporate hacking. In fact, the Identity Theft Resource Center (ITRC) reports that 758 data breaches have been reported as of June 20 this year – a 29.1% increase compared with 2016. For a startup, such news could be disastrous and might even impede company growth.

Almost every business has some kind of information that hackers want; it could be bank account information, client contact information, or intellectual property. Whereas established companies have spent the time and money putting systems in place to prevent cyberattacks, early-stage companies are often easier to infiltrate. The most common types of cyberattacks include email phishing, web attacks, and malware, according to Symantec, which also reports that startups are particularly vulnerable to cyberattacks within the first 18 months.

In order to best protect data, entrepreneurs need to understand the threats associated with their business. By performing risk assessments, prioritizing data, assigning threat levels, assigning risk scores, and evaluating the appropriate steps, a startup can take measures to protect against specific security threats – such as multifactor authentication for personal medical records in health tech or encrypting financial information for fintech.

It is also important for startups to create a company-wide security plan, empowering employees with the information necessary to identify potential areas of weakness and the tools to report or improve those weaknesses. Ensure employee emails are secure, with malware/phishing email filters in use and employees informed of possible bad emails. IT and development teams should be fully involved while setting up a security strategy. For example, depending on whether a startup’s servers will be hosted off site or in house, a security plan will have different priorities and necessary steps.

Employees should also be informed of a business plan in the event of a security breach – and entrepreneurs should understand legal responsibilities and plan for investigating, reporting, and mitigating security issues well in advance of an occurrence.

The decisions an entrepreneur makes as he or she builds a company can affect the company’s next funding round or even eventual exit. By ensuring that data is secure, you may be protecting your hard work from a cyberattack down the line – or at least positioning your company to respond quickly and appropriately should one occur.

Not a MicroVentures investor? Sign up today and stay tuned to our blog for the final installment of what investors look for beyond financials.