• Home
  • About Us
  • Articles
  • Podcast
  • Videos
  • Contact
  • Subscribe
8th August 2020 by Oliver Dowson

The risk is too big to ignore

The risk is too big to ignore
8th August 2020 by Oliver Dowson

How your small business could lose everything

Cybersecurity tips for start-ups and SMEs

Data security is rarely a high priority for any small or new business, and investors in startups hardly ever inquire into it – in fact, most probably know little or nothing about it. That’s a dangerous mistake.

Start-ups in any sector, and all businesses developing or relying on digital and online services, are an attractive target for cybercriminals – and there are a lot of them about. Cyberattacks lead to loss of data, financial losses, reputational damage, and other catastrophic consequences.

Start-ups can have their brilliant ideas and hard work stolen, often without their even knowing it, particularly if they can be applied and built on in other countries. In my work in international expansion and as an “Angel” investor, I’ve seen several cases of new developments in far-away countries that look like carbon copies of businesses I’ve been invited to invest in in the UK. Not only do such developments risk closing down international markets to the original company, better-funded foreign copycats can become a parasite in their domestic market.

You can’t effectively patent software and ideas.

“First to market” usually wins.

Effectively defending against these threats demands a high level of preparedness. Entrepreneurs need to acknowledge cybersecurity risks and to take proactive measures to mitigate cybersecurity risks if their businesses are to survive.

These dangers – and what to do about them – were highlighted to me in a recent conversation that I had with Brad Smith of #TurnOnVPN.

He and others have created #TurnOnVPN as an activist group with a mission to promote free and unimpeded internet for all, and advocate for a safe, secure, and censor-free Internet.

Like most, I’m aware of the risks of hacking and data attacks, but I thought that they were limited to banks and big organisations.

Not so, Brad told me.

“Incidents of cyberattacks and data breaches are becoming increasingly common these days. According to the World Economic Forum’s 2019 Global Risk Report, data breaches and cyberthreats constitute some of the most serious risks that businesses around the world are facing. Cybersecurity concerns have jumped to the number one spot on the list of business concerns.”

“Cyberattacks are also growing in scope and severity”, says Brad. “For instance, the WannaCry ransomware attack in 2017 affected more than 200,000 victims in at least 150 countries. These attacks are harder to detect and almost impossible to come back from.”

Small Businesses Are More Vulnerable to Cyberattacks

But surely this is only a problem for big business, who can afford sophisticated data security measures?

“Actually small businesses bear the brunt of online criminal activity”, says Brad. “Large organizations are investing in robust cybersecurity infrastructure, making it harder for cybercriminals to break into their systems and steal data. Smaller businesses, on the other hand, base their cybersecurity budget on emotion and guesswork. Most of them, especially start-ups, don’t even have a cybersecurity budget.”

According to Brad, nearly half of all cyberattacks target small businesses. Start-ups are particularly vulnerable in their first 18 months of operation. “The consequences can be catastrophic”, Brad told me. “A recent Verizon report put the average loss per attack at around $200,000 – and said that 60 percent of small businesses don’t survive a cyberattack and fold within six months”.

Cybersecurity Threats

The vast majority of start-up entrepreneurs believe that their businesses are too small to worry about cyberattacks or their data is not worth stealing.

“That is not true”, says Brad. “No business is too small to worry about cybersecurity. Since most start-ups don’t have adequate computer and network security, they’re an easy target”.

Brad went on to tell me about the most common cybersecurity threats start-ups face.

Phishing Attacks

Phishing is the general term for any sort of social engineering where the perpetrator uses disguised tactics to trick the victim into sharing sensitive information such as usernames, passwords, or whatever it is the attacker is after. “Over 90% of cyberattacks targeting businesses are phishing attacks”, says Brad. “Phishing attacks can even be used to target a specific business, a tactic known as spear phishing”.

Malware

Malware attacks – and there are many kinds – are very common. “Cybercriminals take advantage of easily exploitable vulnerabilities in your system by launching a malware attack”, said Brad. “Ransomware is an increasingly common malware attack being used to terrorize small businesses. Forbes recently predicted a 300% increase in ransomware attacks in 2020, mostly targeting small businesses.”

Data Leaks

The transmission of sensitive company information from within an organization to an external environment is known as a data leak. The ones that we hear about in the news are things like user credentials, card numbers and contact details, but it any kind of data held on a computer is at risk. “Whether intentional or unintentional, employee actions can lead to loss or exposure of valuable company data through data leaks”, says Brad. “Fintech start-ups that have interfaces with financial service providers are particularly vulnerable”.

Such cybersecurity risks are especially relevant to start-up entrepreneurs looking to expand their businesses internationally. Brad highlighted a particular problem. “Many outsource some duties and hire freelancers to meet labour demands”, and that escalates the risk of a cyberattack as malware could easily spread from a compromised employee’s or contractor’s device into a connected office network”.

The good news, I was told, is that there’s plenty that can be done to protect a start-up from cyberattacks, even from afar.

Mitigating Cybersecurity Risks for Start-ups

 “Hackers have become very good at finding vulnerable systems these days”, says Brad. “They use automated scripts to find entry points to access valuable data. In the absence of cybersecurity protections, start-ups and other small businesses fall victim to these hacker bots more frequently”.

I asked Brad to recommend  cybersecurity precautions SMEs can take to protect themselves from all these “cyberthreats”.

Create a Security Budget

Brad’s top recommendation is that every entrepreneur should have a cybersecurity budget. How much should start-ups allocate to their cybersecurity budget? “Well, that depends –  there’s a limit on how much a business can afford to lose in the event of a cyberattack, and that’s unique to every business”. Key factors to consider are what use the company makes of customer data and how it monetizes that information.

Risk Assessment

“You need to identify, quantify, and prioritize the risks and vulnerabilities in your system”, says Brad. A risk assessment audit should look at all the different aspects of your system including hardware, laptops, customer data, and intellectual property. Assessing system risks and vulnerabilities will help pinpoint the specific cybersecurity risks that could affect these assets. “It’s always a good idea to hire an external consultant to carry out the audit”, advised Brad.

Deploy Antimalware Solutions

Antivirus and antimalware solutions are designed to protect your system from malicious code. Antimalware protects against threats such as viruses, trojans, worms, ransomware, and bloatware.

“You should also consider installing a virtual private network (VPN) for added protection against these threats”, says Brad. “A VPN creates a private network from a public internet connection guaranteeing online privacy and anonymity. VPNs are often used by corporations to protect sensitive data. Secure the network with a VPN to prevent DDoS attacks and provide an added layer of protection against other online threats”.

Employee Training

“Your employees could be the weakest link in your organisation’s cybersecurity”, Brad told me. “No matter how much you invest in security, hackers will always try to find a way in through the staff”.

Phishing and spear-phishing attacks work because of employees’ lack of awareness of these cyberthreats. “It’s essential to train your employees in cybersecurity best practices such as using strong, unique passwords, and how to recognize spoofed or malicious emails. Make sure that your employees know what to do in the face of an impending threat”, says Brad.

Restrict Access to Company Data

Negligent employees and contractors may put company data at risk too. “It’s always safer for start-ups and other small businesses to limit access to company data”, says Brad. “If you have to share sensitive credentials with third-party vendors or other entities, don’t forget to revoke these privileges when these relationships come to an end”.

Update Your Software Regularly

Like everything else in the tech world, cyberthreats are constantly evolving. “Newer threats are more damaging and harder to detect”, says Brad. “Having the latest software updates is essential to your start-up’s digital safety and cybersecurity. Software patches come with the latest security definitions and ensure that your system is protected from the latest threats”.

Brad also advised that all systems should be checked regularly to make sure that they are running the latest software versions, that antivirus and anti-malware updates are downloaded and installed as soon as the provider sends out the alert.

Consider outsourcing IT Services

There’s clearly a lot to worry about, yet start-up entrepreneurs and most SMEs simply don’t have the resources or time to invest in a robust cybersecurity set-up. On the other hand, the risks that Brad outlined to me are far too grave to leave a business unprotected.

“Consider outsourcing IT security duties to a professional service provider with extensive experience of dealing with cyberattacks and data breaches”, advises Brad. “It’s a convenient and reliable way to protect your company’s data, leaving you to focus on finding more customers and expanding your business”.

There is more information about TurnOnVPN at https://www.turnonvpn.org/

Grow through International Expansion is not associated with this group in any way but endorses the contents of this article.

Oliver Dowson offers subscribers to growinternational.org free introductory consultancy on any aspect of international expansion – just get in touch using our contact page

Previous articleMy 5 top tips for successful exporting and international expansionMy 5 top tips for successful exporting and international expansionNext article Planning on expanding to the USA? The UK might be a better first step, here’s whyExpanding to the UK

Any facts and opinions presented in this content are those of the author or speaker. The inclusion of this content on the Grow through International Expansion platform does not imply endorsement by the platform owners of such facts and opinions nor by any business represented by interviewees or contributors. Whilst every care is taken to check facts and figures, we accept no responsibility for their accuracy. Please advise us of any discrepancy and we will endeavour to correct the information as quickly as possible.

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

About the Author

It’s more than just increased revenues and profits – it’s a simple fact that the value of a business increases through International Expansion, whether measured by share price or eventual sale valuation. I am Oliver Dowson, International Expansion Specialist, Podcast Host, Author and Angel Investor. Over the last 40 years, I have travelled extensively in over 120 countries, created, managed and sold businesses in 10 countries on my own account, and many others in more countries for clients.

Recent Posts

Love of Flying13th May 2022
Artificial Intelligence to help brains function better11th June 2021
Green Hydrogen5th May 2021

Categories

  • Business Travel
  • FDI Foreign Direct Investment
  • Free Trade Agreements
  • Investment Promotion Authorities
  • Podcast
  • Startup

Tags

Advertising Agency Africa Angel Investors Business Business Development Business Plan Business Strategy Business Travel Customer Experience Customer Service Disruption Emerging Markets Employment Law Entrepreneur EU Expat Manager Free Trade Agreements Free Trade Zones Germany Global Expansion Globalisation Innovation International Business International Development International Expansion International Sales Kuwait Latvia Lithuania Opportunities Shared Centres SME Startup Success Thought Leadership Translation Travel Travel Services Travel Tips Travel Writing UK United States Uruguay USA Venture Capital

Start Here

  • Home
  • About Us
  • Articles
  • Podcast
  • Videos
  • Privacy Policy
  • Contact

Recent Posts

Love of Flying13th May 2022
Artificial Intelligence to help brains function better11th June 2021
Green Hydrogen5th May 2021

Grow Through International Expansion

Unit 9 - Poplar Works
384 Abbott Road
London
E14 0UX
United Kingdom
info@growinternational.orggrowinternational.org
Privacy & Cookies: This site uses cookies. By continuing to use this website, you agree to their use.
To find out more, including how to control cookies, see here: Cookie Policy
“Grow Through International Expansion” is a trading name and service provided by VINX Digital Limited, registered in England & Wales no. 11465693 ♥ Proudly built in London by VINX Digital Limited
Privacy Policy

Start Here

  • Home
  • About Us
  • Articles
  • Podcast
  • Videos
  • Privacy Policy
  • Contact

Grow Through International Expansion

Unit 9 - Poplar Works
384 Abbott Road
London
E14 0UX
United Kingdom
info@growinternational.orggrowinternational.org
Privacy Policy