Starting a New Business in a World of Cyber Threats

By: Maxwell Briskman Stanfield, Associate, mbs@muslaw.com

Cyber attacks are becoming more common in a world that’s dominated by information overload. From old-fashioned viruses that destroy computer systems, to phishing schemes luring information through false pretenses – the dangers are all around us. While entrepreneurs may not think their start-up or small business is a likely target, it is nevertheless essential to have strong data privacy tools and a data breach prevention plan in place from the very beginning.

For every new business owner, there are typical checklist items that are considered essential when laying the foundation of a successful enterprise. Entity selection/formation, tax matters, insurance, permits and licenses are just a few examples of common list elements. But as data privacy concerns continue to plague the business world today, protecting a company’s digital properties should also be a top priority.

Take inventory of key digital and data assets

Before establishing a plan for protecting your business information, it is important to take inventory of your data and digital assets to better understand your needs. Prepare a list of your assets and separate them into three categories – digital property with business value (business files, websites, domains, copyrighted material), personal digital property (files, photos, accounts) and digital property at risk for a data breach (passwords, credit card information, customer and employee data).

Next, organize these assets based on importance. As a general rule, companies should always prioritize high-risk data over other digital assets. That said, data protection is not a one-size-fits-all approach, and depending on the type of company, data priorities can vary. For instance, a financial institution may need to invest more in client data protection than it would in other areas, given the potential risk associated with a breach. Businesses dealing in e-commerce should also consider a higher level of protection for customer information.

These needs will also continue to change as the business grows. Growth means more customers, more employees and higher stakes. Consider taking inventory of your key data assets on a regular basis to ensure you are accounting for all areas of your business.

Proactively ward against hackers and viruses

Perhaps the simplest way to protect your company and its assets against cyber threats is to use adequate passwords and authentication systems. According to the experts at Interworks, creating a strong password starts with the 8 + 4 rule –  8 characters, 1 upper case, 1 lower case, 1 number and 1 special character. Also, try to avoid using any identifiable words or phrases (like your company’s address). Once the passwords are created, change them frequently for maximum protection.

In addition to password security, another simple trick is to make sure you have the proper security and firewall programs installed on each computer. Finally, be sure to back up systems regularly and monitor for any sign of unusual or irregular activity. Common irregularities that are easy to spot include, poor download and upload speeds, missing files, random restarts and anything that simply seems abnormal.

Educate employees

What many young company leaders do not realize is that most security breaches are not caused by sophisticated hacking scandals, but rather by poor education of internal staff members. For instance, do you know how many of your employees have access to your program passwords? Do you have a system in place to ensure those employees are not sharing passwords or other confidential information? How about email threats? Does your team know how to identify a phishing attack when it sees it?

Most new business owners assume that because their company is small they are immune to cyber threats. But as we’ve seen in the legal space, data breaches can come in all shapes and sizes and are equally harmful to all business operations.

In fact, this growing fear among businesses is what prompted the U.S. National Institute of Standards and Technology (NIST) to publish a standard policy framework for computer security. The policy provides simple guidelines for assessing and improving an organization’s ability to “prevent, detect and respond to cyber attacks.” The full framework is available online here for public use.

Though the NIST guidelines may be somewhat extensive for smaller organizations, having some sort of security protocol in place for employees is the first step in creating a more secure environment.

Seek legal support

In the event of a breach, or if you are simply looking for additional support, be sure to contact a qualified legal team to assist with all prevention, response and litigation needs. In addition to providing advice on appropriate breach response tactics, legal counsel can advise clients on proper precautionary measures and laws that govern information collection and retention.

Remember, even small organizations can fall victim to cyber attacks, but understanding the warning signs is half the battle. Create an internal list of key data assets, take precautionary measures to ward against harm and consult professional help when needed to ensure your business is properly secured.