How to Navigate Your Startup to Safe Harbor

When embarking on the adventure of launching a startup, the entrepreneur, as the captain who directs his or her crew toward their destination, will not only have to sail on a fixed course but will also have to fight against the wind and tide. Startups are characterized by having a highly innovative profile and by having proposals that break paradigms. So, when they go out to the open sea, they not only face the challenge of obtaining sources of funding but also how to reconcile limited resources with the adoption of new technologies and security. As they are heavily leveraged by technology to rapidly scale up their businesses, they are a sector particularly threatened by cybercriminals. 

This becomes even more relevant bearing in mind that fintech is among the sectors with the highest number of companies in Mexico. According to Finnovista's latest edition of Fintech Radar, there are 441 fintech startups in the country and since 2016, the sector has grown at an annual average rate of 23 percent. It is precisely this type of enterprise that is characterized by the use of emerging technologies such as artificial intelligence and Big Data to digitalize traditional workflows and support the exchange of money and other securities. 

What these little sailors don't take into account is that they are easy prey for “pirates;” in this case, cybercriminals who are out at sea waiting for their next “capture” and thus hinder their course. For this reason, they do not consider it a high priority to invest in tools that provide security. Many mistakenly think attackers are more interested in multinationals with more highly valued and identifiable information or corporate data, such as trade secrets.

The reality is different. There are two elements that can trigger the perfect storm. The first is that any business, regardless of its size or business line, can fall victim to cybercrime, simply because each victim represents a unique opportunity to make money. In fact, cybercriminals are well aware that small businesses do not have the same resources as large corporations to invest in cybersecurity, making them a prime target. Second, and especially for startups, the information they process and store — business plans, employees, customers, investors, and suppliers — is highly attractive to cybercriminals because it can be monetized. 

Generally speaking, most companies do not invest in cybersecurity, particularly in the initial stage, either due to a lack of knowledge or because the resources available to them are limited.  However, the cost of recovering from an incident can be significantly higher than an initial investment in this area and, in some cases, cause the business to “shipwreck” or end up in bankruptcy or loss of reputation, enough for a client or investor to think twice about relying on it blindly.

That's why my recommendation for entrepreneurs is always the same: no matter how limited your budget is, cybersecurity cannot be postponed. It is intrinsic to your company. You can develop a cybersecurity strategy, which, yes, will probably not be as robust as it should be, but it will be a good starting point and you will be able to strengthen it as your company grows. Here are five recommendations to get you started: 

Find out what IT resources need protection and what security tools you can implement in the early stages. In fact, many of them won't cost much. 
Carefully review the data protection laws of the countries in which you plan to operate and ensure that the processing of such information is compatible with these legal requirements. In addition, consult with your lawyers about the pitfalls and difficulties of each market in question whenever possible.

Keep a close eye on the security of the software and services you hire from third parties. Make it a point to know how they store and resolve vulnerabilities in their systems as well as learn about the characteristics of their solutions. 

More than 80 percent of cybersecurity incidents are due to human error, so it's key that you increase your employees' knowledge and encourage them to investigate the issue on their own. Today, many online resources can facilitate this task. 

Promote proper password management among your entire team, especially the importance of generating unique passwords that are strong and secure. Reinforce that they should not use the same password they use for a social network or online store to access corporate systems, as this will prevent any data leakage that those platforms suffer from compromising the company's network. 

As the captain of the ship, your goal is to navigate your startup into a safe harbor. To do this, you will have to anticipate all the challenges you may encounter along the way, including cyberthreats, and plan how to avoid them. This implies a change of mentality and a move away from seeing cybersecurity as an area for which you have to stretch an already limited budget, to seeing it as an opportunity to build resilient capabilities.

About Kaspersky

Kaspersky is a global cybersecurity company founded in 1997. Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialized security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky technologies and we help 250,000 corporate clients protect what matters most to them. Learn more at http://latam.kaspersky.com