Security Checklist: 3 Strategies To Beef Up Your Security
The increasing success of Southeast Asian start-ups make them the new target for cybercriminals
PHOTO CREDIT: Getty Images
Just as there is no doubting the traction Southeast Asia’s tech start-up ecosystem has gained in the last several years, the reality that cyber threats have grown increasingly sophisticated and largely unchecked in the region is also undeniable.
A Deloitte report reveals that in digital Southeast Asia, of the 10 ASEAN nations, only Malaysia, the Philippines, and Singapore have enacted full data protection frameworks. With small and medium-sized companies, including start-ups, comprising a large percentage of what’s driving the growth of ASEAN economies, Ian Yip, McAfee’s chief technology officer for Asia Pacific, points out that “these make them a new, lucrative target for cybercriminals.”
“Start-ups are generally highly focused on creating or improving their product or service, as well as in marketing and selling them, that security often ranks low on their priorities,” Yip says.
The Start-Up’s Line of Defense
As start-ups aspire for growth and innovation, they should also be cautious of potential threats that come with the adoption of mobile devices and cloud services. Says Yip, “SMEs and start-ups often gloss over the importance of a well-rounded security solution, but they need to put as much focus on protecting their business, intellectual property, and customer data as in larger organizations.”
It need not always break the bank, Yip points out. Beef up your start-up’s security arsenal by keeping three things in mind:
1. Deal with clueless employees
Just like how you wouldn’t want a clueless employee to get in the way of your productivity, you don’t want one to get in the way of security. Minimize the risk of falling prey to a ransomware attack by ensuring your first line of defense is covered: employee education.
“Put in place basic security practices to protect business information, and communicate these to all employees on a regular basis,” says Yip. Establish rules of behavior that detail how to handle and protect customer information and other critical data. “And make clear the penalties for violating these policies,” he adds.
2. BYOD (Bring Your Own Device) is a double-edged sword
Lean start-ups with cash constraints, understandably, often take a cloud-first approach to IT, with some founders telling employees to bring their own devices to work. Yip cautions that this is a double-edged sword.
“Employees access cloud services on these devices, such as file storage, document processing, customer relationship management, social media, and e-mail. These cloud services can be fundamental for start-ups, but whatever start-ups gain in terms of efficiency and save in operating expenses may come at the cost of security. Cloud services expose devices and the whole business to a plethora of risks,” he says.
3. Invest in securing the ‘Crown Jewels’ of your data
Cybersecurity must always be top of mind, and not only tackled when an actual incident has already occurred. One security question you need to ask as a founder is if you can even detect a cyber-attack as it is occurring, and if not, how long would it take you to notice it.
Advises Yip, “Invest in a connected set of solutions that increase security visibility. You need to maximize the level of automation, integration, and orchestration across your security platform with real-time situational awareness of threats in order to detect security incidents and respond quickly and appropriately.”
You also need to regularly backup critical business data, and limit employee access to vital business information and their ability to install software. “No one employee should have access to all data systems and be able to install software without administrative privileges,” he says.