Start-Up Secure. Chris Castaldo

Title: Start-Up Secure
Author: Chris Castaldo
Genre: Small business
Publisher: Small business
ISBN: 9781119700753




the ones for Windows or macOS. Some applications will have the ability to automatically download and install updates, but most will not. This will require a small amount of effort on your part to make sure your most used applications are up to date. I recommend checking updates for your web browser, like Chrome, Firefox, and Safari, for any productivity applications, like Word, Excel or PowerPoint, and for any email client you use on your computers, like Outlook or Thunderbird. These types of applications should be updated as quickly as possible; vulnerabilities are constantly discovered in them, since they are the easiest way to compromise a system.

      You might be thinking, “Well, what about antivirus?” I've devoted all of Chapter 4 to this topic because of the volume and complexity of solutions available. I also discuss many options that may require capital expenditure that might not seem so lean for a start-up. Just know that if you happen to use pirated software, you will not be able to receive critical security updates. You also cannot verify the authenticity of what you've downloaded and could very well have opened a backdoor into your system for attackers. Legitimate start-ups should only use legitimate software.

      Open source software, which is a legitimate free option, can also come with risks. Depending on the country your start-up is founded in, you may need to pay close attention to open source software from specific countries and geographic locations. This applies to antivirus software or anything else you use in your start-up.

      So, what do they call antivirus these days? Marketing has now rebranded this technology as endpoint detection and response (EDR). While it does have many more features than the popular antivirus software of the 90s and 00s, it still has basically the same functions and keeps your device secure. We'll dive into this more in Chapter 4.

      Setting a passcode, passphrase, pattern, or fingerprint is the first line of defense in protecting the data on your phone and the data it has access to. Nearly all modern devices support these features, and you should enable them when you buy the phone or, if you have not yet, do so immediately. There are many lines of thought on which option is most secure, again a larger discussion than can be covered in this book, but you should enable at least one of them. You should also encrypt your phone in case it is lost or stolen. While most thieves resell the phones and don't attempt to retrieve data from them, encrypting your phone will provide peace of mind if it goes missing. Both Google and Apple offer the capability to find your phone if it is lost, or remotely delete all sensitive data if it is stolen. These features are not enabled by default and you should ensure you switch them on for any device you use for conducting business.

      When a device is lost or stolen, you lose the ability to log in to services that require your MFA code, such as Google Workspace or Apple iCloud. Both services have procedures that will allow you to log in after an emergency, but it can be a lengthy process. Both services do allow you to set up an emergency phone. This should belong to someone you trust explicitly: a co-founder, spouse, or another family member whose device you could quickly access in an emergency, so preferably not someone who lives on a different continent. Or you could even have a second phone that you leave locked away for such an event, depending on how critical your data is.

      Regardless of the stage of your company – formation, validation, or growth – these are all unique starting points and require a different effort and level of investment of resources. Understanding the foundational components will help you determine where you must start or where you need to accelerate projects. Not everyone bakes in cybersecurity from the day they sign the documents to legally form their business.

      Identify the stage your company is at and then build your cybersecurity program to at least that level. Make sure you identify the risks that may have been overlooked in previous stages of the company. Both technical debt and cybersecurity debt are real. The longer you put them off, the more that debt scales with your business.

       Determine what stage your business is at: formation, validation, or growth.

       Define and write down who your ideal customers are.

       Write down what industries they are in.

       Write down what data, if any, you will process, store, access, or in any way have access to.
