Many Startups are Guilty of These 6 Cybersecurity Mistakes

Some of today’s most successful businesses began as startups. They usually begin with a brilliant idea or a new technology that promises to solve a problem and force us to reconsider how we do business.

The African region is no stranger to startups; according to reports, African startups raised nearly $5 billion in total estimated funding from 740 deals last year, with a focus on tech startups. This represents a more than 250 percent increase over the estimated total funding raised in 2020 of $1.3 billion.

Startup owners frequently focus on issues such as business planning, marketing strategy, and attracting additional investment, but they fail to address the need to build a strong cybersecurity system. The lack of a clear understanding of threats can cost a startup a potentially successful business.

Here are six common cybersecurity mistakes made by startups:

#1 Abundant access rights

When a startup employee requires access to corporate resources or services, they are frequently granted administrator privileges. The person who shares those access rights usually believes that it is easier to grant access to everything once, without understanding the true needs of a specific employee and his responsibilities, than to receive new requests for access every week. However, the greater an employee’s access rights, the greater the possibility of an error.

To reduce the number of cyber incidents, each workflow participant should have only the access rights required for their tasks.

#2 Inadequate storage and backup

Data backup is a method of securely archiving important information for your business, such as classified documents.

These backup copies are critical because they allow you to recover data in the event of an unplanned event, such as a cyberattack.

#3 Passwords that were forgotten

Forgotten passwords for corporate social networks or other infrequently used services are another common issue.

Perhaps a new employee creates a Facebook or LinkedIn account to help promote the company, but fails to share the account information with other members of staff, then leaves for another role – the login credentials are gone, with little chance of recovery.

#4 Passwords that are shared

Some people may believe that using shared accounts is a good idea when there is a lot of turnover. However, the more people who know a password, the more likely it is that it will be leaked due to phishing, negligence, or malicious intent.

Furthermore, when an incident occurs, it greatly complicates the investigation. Assume someone has gained access to an account – the experts suspect that the password was intercepted by malware and want to inspect the computer of an employee who had access. Only to discover that everyone else had!

#5 Cloud service passwords

Another password-related blunder is storing passwords in some files in Google Docs, which is usually accessible by anyone with the link if set up incorrectly. The obvious advantage is that it is very easy to transfer the necessary information to all employees; all that is required is to put all of the necessary passwords in one document and send a link.

Such Google documents, on the other hand, can be indexed by search engines. In other words, the file containing all of your passwords could end up in the wrong hands.

#6 Lack of two-factor authentication

Some password-related issues would be less dangerous if startups did not overlook two-factor authentication on work accounts. This allows you to protect important data from various theft methods, such as phishing. First of all, two-step protection should be put on all financial services.

Internet security experts Kaspersky says that to avoid the ‘typical’ mistakes that many small businesses and start-ups make, try to follow these tips:

• When it comes to granting access to resources or services you should follow the least privilege principle. That is, an employee must have the minimum set of access rights — enough only to perform their tasks.
• Know exactly where your startup’s important information is stored, and who has access to it. Back up all your important information and develop guidelines when hiring new employees, including clearly defining which accounts are needed for each employee, and which ones should be limited only for certain roles.
• Mature corporate cybersecurity culture helps to prevent many cyber threats. You can start with creating a cybersecurity manual for employees so that everyone is on the same page.
• All passwords must be stored in a secure password manager. It will help your employees not to forget or lose them and also to minimise the chance that an outsider will get access to your accounts. Also, use two-factor authentication mechanisms wherever possible.
• Advise your employees to lock their computers when they walk away from the desk. They should keep in mind that an office can be visited by all kinds of third parties, including couriers, clients, subcontractors, or job seekers.
• Consider installing antivirus software in order to protect devices from viruses, trojans, and other malicious programs.