As startups grow and acquire new customers, they typically also acquire a large amount of data – ranging from bank accounts and other personal financial data to addresses, phone numbers, and social security numbers that, if leaked, could lead to identity theft. These data breaches not only have an impact on the consumers but on the companies, as well.
According to analysis by Comparitech, stocks suffer an immediate decrease in share price (of 0.43%) following a breach. However, it’s the long-term effects that are felt most acutely: Share prices rise at a much slower pace following a breach and tend to underperform the NASDAQ. For startups, a data breach can be even more concerning as they often have fewer customers and more to prove – not to mention limited funds to handle the fallout and recovery.
So what can startups do to protect this valuable information? They can not ignore it.
The first step startups can take is to create a data security policy that provides guidelines on file sharing, encryption, and handling sensitive assets. Management – or IT teams – should be made aware of how employees interact with company data, especially where it is stored and how it is handled on personal or mobile devices. For example, employees may unknowingly introduce risk by syncing data across devices, working with others outside the organization, or downloading apps or other programs that could potentially access confidential data.
While large enterprises may have the means to build in-house security teams, it’s often not feasible for smaller startups. If a startup must gather a multitude of data, many SaaS companies offer digital security services so that founders can outsource to established, cloud-based security professionals. In addition, many startups run servers and infrastructure hosted in a third-party public cloud, but it’s important to select the right hosted solution, one that provides data-centric security as well as application-level security.
However, experts agree that one of the most effective ways of protecting data is for startup management to train employees. Your team probably deals with data daily – they are the ones most likely to identify a potential weak spot or spot a phishing email. What’s more, with employee training, founders can cover everything from data loss prevention and two-factor authentication to creating a secure password and identifying suspicious links and attachments.
Data is an inescapable part of business today. By understanding your security threats, selecting security options that work best for your company, and empowering employees, you can help keep your data safe. That said, as technology constantly changes, it’s more important than ever to conduct security checks on all deployments and regular penetration tests so that you can always know where your data is vulnerable.
Not a MicroVentures investor? Sign up today.