Denise Hudson Lawson is an enterprise learning architect at Pluralsight. Prior to this, Denise worked at the Houses of Parliament, selected to head up a new parliamentary service to develop and deliver a portfolio of online services to over 7,000 staff. In this article, she discusses how startups can benefit from ethical hacking.
The effects of cyber attacks can go beyond the obvious financial consequences, they can also destroy a brand’s reputation.
So what about the startups who can’t afford to lose even the smallest per cent of their vital customer base?
Although no company, regardless of its size, should ever assume itself safe, startups are particularly vulnerable to customer desertion following the backlash of a cyber attack.
Navigating an initial investment can be tricky at the best of times, so a cyber breach so early in a business’ life could raise questions even from the most interested investor.
Getting cyber security right from the get-go isn’t something that can be overlooked.
Arming the business
Ethical hacking is where the techniques of a malicious hacker are used to identify the weak points in an organisation’s security infrastructure, with that knowledge used to improve its defences.
An understanding of ethical hacking means the business can be alert to all aspects of digital security, allowing the knowledge to ripple out to other team members and put measures in place to stop attacks before they happen.
Getting up to date on ethical hacking will tend to stem from the IT gurus in the startup, but security shouldn’t just be the priority of the most IT savvy member of the business.
From the founder to the intern, ensuring every employee has the basic IT skills such as password management or education on how to identify phishing scams is vital and could save a company thousands of pounds.
A recent discussion with security and ethical hacking expert and Pluralsight author, Troy Hunt, made it clear to me that startups have the advantage of being able to cultivate a good attitude to cyber-security across the whole business from the start:
“You want to train your staff to think like a hacker – to anticipate the attack before it comes. This isn’t so easy to encourage when there’s a lot of you who’ve been doing things a certain way for a certain time. But a startup can get this right from the beginning. Established organisations have to contend with dated legacy IT and processes, making it difficult to respond to emerging cyber threats, whereas startups have a clean slate to work from, allowing them to use the best practice approaches to cyber-security.”
Even so, the best underlying security systems in the world are open to threat if the employees don’t know the basic rules of online security, or aren’t trained at spotting problems as and when they arise.
Setting the standard
PwC revealed in a recent study that 34% of compromises in an organisation’s cybersecurity originate from the employees themselves, whether malicious or not.
This demonstrates the fundamental importance of setting the standard from the beginning with a startup.
If employees understand the behaviours that can open a business up to a cyber attack and have foresight into the ways cyber criminals work, this will help protect the organisation.
For example, understanding the threat of hacking into public wifi networks or how scammers put pressure on basic human nature principles such as trust and the need to act in an urgent situation.
Training the forces
The first step to achieving this is ensuring employees have the right tools and learning opportunities available to upskill on ethical hacking.
While there are a number of training methods out there, it’s not enough to just send someone on a day long course.
Ethical hacking is a constantly changing area, and for startups with tight budgets, it’s important to find more effective learning approaches, such as on-demand, online courses that allow employees to continuously refresh their knowledge as new threats emerge.
At the same time, this on-demand approach much more closely matches how the YouTube generation wants to learn: online, at their own pace and in any location.
Investing in the learning tools to encourage employees to become more cyber aware may come as a surprise, but encouraging continuous knowledge of new threats and having vigilant attitudes to cyber-security threats is likely to prevent a devastating incident further down the line.
This allows the business to at least have the opportunity to thrive, rather than lose the chance to make an impact and get a foot in the investor’s door.
Our next print magazine, out on 22nd February, is all about cybersecurity. Subscribe here to get your free copy.