Startups Don't Have to Be Fort Knox
You don't need to be a digital Fort Knox to protect yourself from most cybercrime. The most important steps are the basic ones, which both earn the trust of your customers and generally deter hackers. You can build public security measures into your app to build your users' confidence in you. A good foundation to start with is:
- Use two-factor authentication - It detects and deters potentially fraudulent users from wreaking havoc on your site or app. Using a service like RingCaptcha, all it takes is a snippet of code copied and pasted into your platform and you can begin verifying your users in minutes.
- Enforce best practices for passwords - Enforcing a minimum password strength and logging users out of sessions when they change their passwords shows that you take security seriously at the user level.
- Publish your security policy - Make your processes and incident response plan available to the public. Include any relevant certifications, like FedRAMP, to demonstrate your compliance with industry standards and commitment to excellence.
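The password item above (minimum strength, plus ending sessions on a password change) can be sketched as follows. This is an added example, not code from the original article or from any product it names; the `Accounts` class, the in-memory stores, the 12-character minimum and the small denylist are all assumptions made for illustration.

```python
import hashlib, hmac, os, secrets

MIN_LENGTH = 12                              # assumed policy value
COMMON = {"password1234", "qwertyuiop12"}    # constructed sample denylist

def check_strength(username, password):
    """Return a list of policy violations (an empty list means acceptable)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if password.lower() in COMMON:
        problems.append("commonly used")
    if username.lower() in password.lower():
        problems.append("contains username")
    return problems

def _derive(password, salt):
    # Slow, salted hash so a leaked user table is expensive to crack.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)

class Accounts:
    def __init__(self):
        self.users = {}      # username -> (salt, derived key)
        self.sessions = {}   # session token -> username

    def _verify(self, username, password):
        salt, key = self.users.get(username, (b"", b""))
        return hmac.compare_digest(key, _derive(password, salt))

    def register(self, username, password):
        if check_strength(username, password):
            raise ValueError("password rejected by policy")
        salt = os.urandom(16)
        self.users[username] = (salt, _derive(password, salt))

    def login(self, username, password):
        if not self._verify(username, password):
            return None
        token = secrets.token_urlsafe(32)
        self.sessions[token] = username
        return token

    def change_password(self, token, old, new):
        username = self.sessions.get(token)
        if username is None or not self._verify(username, old):
            return None          # require a live session and the old password
        if check_strength(username, new):
            raise ValueError("password rejected by policy")
        salt = os.urandom(16)
        self.users[username] = (salt, _derive(new, salt))
        # Revoke every session for this user, on every device, then
        # hand the caller a fresh token so only they stay signed in.
        self.sessions = {t: u for t, u in self.sessions.items() if u != username}
        return self.login(username, new)
```

Revoking all sessions means a token stolen before the change stops working the moment the user picks a new password.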
Guard Internal Assets
SECaaS products can protect sensitive internal information like company policies and financial documents. While security needs differ from company to company, here are some of the basics:
- Back up your data - Protect your organization against ransomware by keeping extra copies of your files; one example, iDrive, updates in real time, so you don't even need to spend time manually managing the service.
- Secure your internal accounts - This means using a random string of different numbers and letters for every account, and not storing passwords in a file where hackers can access them (like on the cloud); while you can use a service like 1Password to keep all your passwords in one place, keep in mind that services in this category have experienced breaches.
- Keep your firewall and anti-virus software up to date - A firewall keeps out unauthorized users, while an anti-virus program detects viruses and other potential cyber threats.
Reward Secure Behavior
While human resources departments increasingly require employees to sit through computer-based training in security best practices, the apps don't exactly force people to comply with what they learn. However, you can set up incentives that reward those who comply -- and even make it fun to do so.
- Use a rewards system - You can give rewards to employees who go above and beyond in the realm of secure practices. You can even do this for team members who are geographically remote using Delight.
- Go for bug bounties - A growing number of security vendors maintain bug bounty programs, which provide recognition and even compensation to those who report bugs. Making a point of participating in these initiatives just might motivate your users to report security issues.
- Gamify - You can take the rewards to another level through gamification; Data Defender includes this in its security, with badges to reward the most security-conscious employees.