(Editor’s note: Rob Marano is president and CEO of InDorse Technologies. He submitted this story to VentureBeat.)
With the rising tide of WikiLeaks-style attacks and increasingly sophisticated hackers, it’s more important than ever to be especially diligent in protecting your company’s sensitive information. If your intellectual property (IP) gets into the wrong hands or you suffer a data breach, not only does it put your credibility and competitive edge at risk, it can also jeopardize your company’s financial viability.
Even more concerning, according to the 2011 Verizon data breach report, cybercriminals are now targeting companies with 1 to 100 employees. To make matters worse, these criminals are more interested in sensitive company data than financial/credit information. This trend is putting IP in more danger than ever before.
Here are four ways to ensure yours is protected.
Think of security early and often – Ok, this seems obvious, but to too many startups, it’s not: A security plan should be part of your overall business strategy.
It’s tempting to dismiss this level of focus on security when your products and customer base are still in development. Unfortunately skipping this step has potentially dire consequences. By nature, startups are actually better suited than major corporations to build strong security programs. They’re more agile, quickly take advantage of new technology and can build in the best security practices from the ‘get-go’ versus having to retro-fit or re-engineer existing, complex legacy systems.
Startups that weave security policies and practices within their developing business strategies are well-suited to protect their IP against attacks.
Identify sensitive information and determine how to protect it – What happens if a developer’s laptop is stolen and your source code gets into the wrong hands? What happens if a partner inadvertently sends a spreadsheet of private customer information to a competitor? Or, a disgruntled employee shares your product roadmap with the hacktivists? Identify your valuable information assets, assess potential threats and implement clear policies and protections to protect your valuable information.
Establish policies and protocols to monitor employees’ consumer devices and social networking – No one can argue that startups realize clear benefits from their employees’ use of personal devices like tablets, smartphones, etc. especially in terms of cost-savings, mobility and productivity. However, these devices were not designed to be secure and manageable by IT departments on a business-wide level.
Additionally, the convenience of instant messaging and business applications on social networks has quickly become the norm. If your employees are allowed to use such sites, it is imperative they are clearly taught best practices and usage policies to ensure your corporate information is not put at risk.
Since a security breach could end up costing you way more than training your employees on basic best practices, it’s a good idea to implement a training program. At a minimum, ensure you have privacy and data protection policies in place that clearly delineate expectations and (in the event security is breached) consequences.
Protect files, in addition to systems – Although compliance mandates improve safety around practices and procedures, they do not protect your business’ IP itself. Many employees want to access their work from their personal devices to perform their jobs – and they will find a way to do so, even if that means compromising network security.
As a startup, you should comply with best practices for implementing traditional ‘depth in defense’ systems that fit into your budget including identity management, firewalls, device protection and such. Another way to extend your data security is to include file protection, a technique that embeds security mechanisms directly in files themselves, without requiring client software or changing how employees work. In today’s mobile environments, security/protection must follow the data, or the file, itself, as well as provide the ability to remotely track or destroy files if needed.
In the end, technology that takes responsibility out of employees’ hands is what will be most effective and beneficial to your security strategy. Investing in security technology solutions that include automatic, policy enforcement and file protection will eliminate the possibility that a ‘middleman’ can access or expose your data maliciously or inadvertently.
About the author: Rob Marano is president and CEO of InDorse Technologies, which he established in 2006. Rob is also a professor at The Cooper Union and NYU.