Are You Prepared? Identifying Cyber Security Risks
Cyber security measures need to be built into your startup from the very beginning.
So says Danny Timmins, National Cyber Security Leader and member of the Enterprise Risk Services team at MNP. Timmins will be the featured speaker at North Forge’s next Lunch & Learn on March 16
The following are some common risks that Timmins says should be top of mind for startups:
For most startups, intellectual property is their most valuable asset. When you are working to develop an innovative product or service, you need to do everything you can to ensure that it isn’t stolen or tampered with.
State-sponsored cyber attacks are especially common, Timmins explained. “There are countries that target Canada specifically. These countries are attempting to collect intellectual property for their country’s businesses, so that it can be turned into a product or service without expending the intellectual resources to develop it.”
According to a study conducted by PwC, 19% of American entities claimed losses between $50,000 and $1 million in 2013 due to cybercrime.
Securing Stored Data
If you are creating a service or solution that collects personal information or other data from your customers, you need to make sure that that information is safe.
“If an app is breached in the early stages of a launch, the trust factor is lost for both users and investors,” said Timmins. “You could lose [both].”
A 2016 study by the Ponemon Institute showed that regulated industries, such as healthcare and financial services, have the most to lose from a data breach. Higher-than-average financial repercussions are likely because of fines and a higher loss of business and customers.
Supply Chain Management and Third Party Services
This risk applies both to outsourced development and cloud services.
“An app that has outsourced development needs to ensure that those employees or businesses are trustworthy,” said Timmins.
A recent study from KPMG International, Global Profiles of the Fraudster, showed that 65% of fraudsters were employed by the company that they victimized. Another 21% were former employees.
“Another example would be cloud-based services that you are entrusting with your data. You need to look at your contract carefully and make sure that your information is completely secure.”
“The worst case scenario would be someone steals your IP and puts it on the market before or at the same time as you do,” said Timmins, “A breach in security early in the launch could be financially devastating for a company.”
Many of the measures you can take to protect your business are simple. For example, if your company is hit with a ransomware attack, an offline backup means you won’t have to pay to get that information back.