Every other week, On Small Business reaches out to a panel of young entrepreneurs for answers to some of the most pressing questions facing small business owners. The following responses are provided by members of the Young Entrepreneur Council (YEC).
Q: How much of small business owners’ time and capital should be spent on cybersecurity protection, and what factors should play into that decision?
Raphael Ouzan, CTO and founder of BillGuard in New York, N.Y.
“When it comes to cybersecurity protection, the biggest problem that small and medium-sized business owners often fail to address also happes to be the most critical: Awareness.
A lack of awareness by employees is the root cause of most of data leaks and other security incidents, and no matter how secure your data center may be or how strongly communications are encrypted, the weakest link will always be the human beings interacting with the network. Since a company’s leadership must focus on revenue gereration and generally lacks the knowledge to properly assess security risks, I strongly encourage companies in any industry to partner with a third-party security firm to assess vulnerabilities and enhance the overall level of protection — and provide the necessary training in a strong, common-sense approach toward connected devices.
This training needs to include the entire company, and there are 3 main points to cover in order to meet a minimum level of protection: 1) proper password management on all internal company services, including clear procedures for on-boarding and off-boarding of employees, as well as day-to-day usage; 2) clear guidelines for the sharing of information with remote employees, partners and third parties; and 3) a plan for monitoring usage and privileges to the company’s digital assets.”
Matthew Ackerson, founder of Saber Blast in New York, N.Y.
“When we were building our marketing software product, we purposefully took our time in to the public. This way we would be better able to eliminate all of the potential “security zeros.” For example, what if a hacker got into our system by pretending to be another user? By slowly opening yourself up on the web, you’re better able to catch and fix security loopholes.
The biggest factors that should impact how high of a factor security is on your list is (a) what type of information you’re transmitting (e.g. payment information or surveys of which cat picture is better), (b) how “public” you’ll be (e.g. launch with lots or press vs. a quiet rollout of some new software), and (c) what types of security standards are already in place (e.g. all information transmitted is encrypted or all data is sent publicly over the Worldwide Web).”
Matt Mickiewicz, co-founder of Flippa.com in Vancouver, Canada
“Flippa.com, one of the companies I co-founded, is a Website marketplace. Everything we do is online, so cybersecurity, and its inherent association with trust, is a high priority. It’s also a core competency of our team, so we tend to do the bulk of it ourselves. We use tools such as risk matrices, plotting likelihood against impact, to determine how much we invest in this space. Our resources are immediately assigned to anything with high likelihood and high impact.
For example, we’ve invested heavily in providing our Marketplace Integrity Team with incredibly powerful tools to monitor potentially fraudulent user accounts on our marketplace. This has had immediate commercial benefit as well as reducing risk for Flippa. Similarly anything with a low likelihood and low impact tends to end up on the monitor queue.”
The Young Entrepreneur Council (YEC) is an invite-only nonprofit organization comprised of promising young entrepreneurs.