Last week our Lead Developer Henry headed to Bristol CyberCon – a one-day conference that brings together a community of cyber entrepreneurs, practitioners and collaborators to share expertise and wisdom and to encourage best practice.
Representing a small business and working with plenty of early-stage startups here at Simpleweb, Henry found there were several key messages being reiterated for how to maintain good security – particularly within small organisations.
Small companies [should] make sure they lock their front doors to guard against opportunists trying well-known exploits
If you’re running a small business or tech startup and are feeling intimidated by talk of cyber threats and the prices of the latest AI-based products being advertised, you’ll be pleased to know it’s easier (and cheaper) than you think to keep on top of security within your business.
“While the news might be dominated by attacks sponsored by the likes of the Russian government, if you’re a small company you can’t worry about nation states trying to hack you, or organised crime groups,” Henry says. “However, it’s still important for small companies to make sure they lock their front doors to guard against opportunists trying well-known exploits.”
These are Henry’s top takeaways to offer a super simple starting point for all the small tech businesses and startups out there:
Keep your tools up-to-date
When your computer prompts you to install operating system updates, just do it.
We know it’s tempting to put it off when you’re in the middle of something, but not doing so will lend you to potential vulnerabilities in the older versions of your operating system that could be taken advantage of by hackers.
This extends further than operating systems though. Every tool, bit of software or otherwise on your computer (or that underpins your app, or website) should be updated as soon as a new version becomes available.
If you have old software on your computer that is no longer being updated by its creators, be aware that it could be compromising the security of your entire device or computer. There are so many amazing business and tech tools out there these days that you can usually ditch it for a newer version of the same thing.
Use an encrypted password manager
This goes for everyone, whether you’re running a business or not. Don’t use the same passwords across multiple websites and services and make sure they are secure and not easy to guess.
A simple way around this is to use an encrypted password manager such as 1Password or Dashlane. It’ll autogenerate secure passwords for all your accounts and securely store them so you don’t need to worry about forgetting them.
It’s also important to switch on two-factor authentication when it’s available, particularly for your email accounts. You can usually do this quickly and easily via your email provider’s settings.
Keep your employees (and clients) in the know
Have a protocol, a policy, a training session – something for your staff. It’s all well and good if one person in your organisation is hot on security, but if your staff or clients are constantly downloading random tools and using insecure passwords or failing to keep their software up to date, it’s not going to be much good for your business as a whole.
This blog is just the start of a myriad of things you could be doing to ensure your business is secure. But there are so many resources online that can help you do this for free.
Here’s a few more to get you started:
https://www.cyberessentials.ncsc.gov.uk/ – Offer basic advice from the UK government’s National Cyber Security Centre, which aims to advise and support both the public and private sector.
https://www.cybrary.it/ – Offers a free community aimed at assisting people to learn about cybersecurity.
Some organisations will code away and then pay external organisations to analyse the code for bugs or weaknesses (perhaps only after their system has been compromised).
As a small business, this process is likely to be out of your price range. It will also be cheaper overall if you can avoid this unnecessary cost and ensure that security best practice is well integrated into your organisation and development culture at the early stages.
The aim really is to avoid introducing security issues in the first place. So make sure your dependencies (e.g. the libraries and services used by your system) are kept up-to-date with security fixes and be aware of at least the most common security issues relevant to your systems (e.g. OWASP’s top 10 for web apps) and know how to avoid them.
(It may be that the tools you are using already provide protection but make sure they are configured to do so.)
You can even make your life as a developer easier with some automated assistance. There are free tools that can help. If you work with Ruby on Rails, Henry recommends taking a look at Brakeman and Rubocop. But there are plenty more examples in this blog by Maxpower.
If you’d like to discuss your startup or project, get in touch with Simpleweb today.