Information is Money stored in the form of bytes in the present era of digitalization. Securing information is worth storing diamonds, yet many businesses in India despite of knowing the value of data, have a reactive approach to this. Instead of being precautionary and taking preventive measures in advance, they wait for an incident to happen and then act on it.
Computer security, also known as cyber security or IT security is the protection of information systems from theft or damage to the hardware, the software, and to the information on them, as well as from disruption or misdirection of the services they provide.
Cyber security is a strategy and not just security products, solutions and resources working in silos. Since startups have cost constraints, it is beneficial for them to look for security vendors who would offer cloud services on pay per use model. This obviously brings down overall investment upfront and negates the necessity of having an in-house cyber security expert team. And often such services are considerably cheaper.
Security activities startups should implement:-
• Risk or vulnerability assessment on yearly basis and key controls for high risks assets
• Endpoint security protection on desktops, laptops, mobile devices and other connected devices
• Unified threat protection or next-gen firewall for network protection
• Security scanning of external facing high value assets, both at network level and at the application level
• Security monitoring for assets that has sensitive data or intellectual information
• Manage user identities and access on a need to know basis
• Stronger authentication for privileged and high risk accounts
• BCP planning for critical processes
• Information security awareness and training for all employees
There are some other common counter-measures apart from the above also which are as follow:-
• Security by Design
• Security by architecture
• Vulnerability management
• Hardware Protection Mechanism
• Secure Coding
• Secure Operating System
Lastly, Startups should never be of the mind that cyber security is of more use and need for large organization because as I mentioned above data is just like a form of money nowadays, if it’s stolen once than its bit difficult to regain it.