    IT risk management and cybersecurity

    Category
    4. Customers & Users
    Sub-category
    4.3. Data management
    Stage
    Seed


    Co-authored with Cyrius, a collaborative platform against internal threats. EDHEC Entrepreneurs S21 cohort - Future 40 Station F (2022)

    What is at stake?

    🔥
    How to safeguard your startup from cybersecurity risks?

    Why is it important?

    Startups enjoy significant media exposure (...) with press articles, constant communication, and extensively covered fundraising activities. Speaking of fundraising, it involves financial resources, which can attract potential ransoms or means of blackmail. If I were a hacker, Crunchbase would be my CRM!

    Achille Morin Lemoine, CEO of Cyrius

    Cybersecurity is a crucial concern for startups, offering the following benefits:

    ➡️ Mitigating Increasing Risks: Cyber attacks are on the rise each year, and these threats can jeopardize a startup's survival.

    In practice, a startup's most valuable asset is its data, and accessing this data has become easier. Data leakage can have dramatic consequences for stakeholders and the startup's operations, as was seen in the sudden halt of operations for myNurse (TechCrunch, 2022).

    ➡️ Gaining Competitive Advantage: A strong security posture can be a competitive edge, and VC funds are increasingly evaluating the cybersecurity maturity of their investments.

    Three key steps to take action

    1️⃣ Educate Yourself and Raise Team Awareness about these Challenges

    The risk is very real: more than half of the companies (60%) that are cyberattacked go bankrupt within 18 months of the attack (source).

    To minimize human risk, training your team in security issues is crucial. In particular, teams should be regularly tested through phishing simulations because 91% of attacks start with an email.

    2️⃣ Implement "Best Practices" to Mitigate Risks

    ‣ Use a Password Manager

    A password manager (such as Dashlane or 1Password) ensures strong passwords and makes it easier to share credentials among team members (eliminating identical passwords stored in documents or on Slack).

    ‣ Prioritise SSO - Single Sign-On

    This is the well-known "Sign in with Google" (or other platforms) button. It significantly simplifies the login process as users don't need to create a new set of credentials.

    However, SSO makes the central account, through which the entire team signs in each time, even more sensitive, because it consolidates access to other services. This is why the use of a password manager remains essential.

    ‣ Enable multi-factor authentication (MFA/2FA).

    This reduces the risk of unauthorized access by 99%. This is the system used by banking services, which send a notification through an alternate channel (SMS, app, etc.) to validate an operation.

    Teams occasionally perceive it as restrictive, so if it is not set up for all services, it is advisable at least to enable MFA/2FA for the most critical accounts (for instance, messaging tools). It's worth noting that the majority of tools we use on a daily basis have a Multi-Factor Authentication (MFA) system that can be activated in the settings.

    3️⃣ Formalize these best practices in an IT charter

    ⚖️ The IT charter is a legal document that outlines specific usage guidelines for internal IT resources (information systems) within a company.

    It specifies the tools that employees must use and details the proper usage of these tools.

    The charter is provided to every employee upon their entry into the company and is attached to the internal regulations. It serves to establish a culture of internal security from the moment employees join the company.

    📚 Resources and further reading

    ‣ 📖 The Startup Security 101: 10 Key Actions (Cyrius)

    Article in French 🇫🇷

    Le 101 de la sécurité en start-up : 10 actions clés

    Achille Lemoine shares his methods and strategy for scaling in a Tribes article.

    www.followtribes.io

    ‣ 📝 Data Security Policy Template (Apiday)

    Data Security Policy Template (Apiday) - English 🇬🇧

    Data security policy template, provided by Apiday (PDF, 192.6 KB)

    ‣ 📝 IT Charter Template (Coover)

    Article in French 🇫🇷

    Exemple de charte informatique (Mise à jour 2023)

    Example IT charter ᐅ Independent expert advice and reviews - Smart comparisons - Free online tools. Already 3 million users.

    www.coover.fr

    ✍️ They contributed to the writing of this document

    Cyrius specializes in human risk management in cybersecurity through a platform that ensures the security of employees from their entry into the company until their departure from it.

    Cyrius | Secure your teams, without compromise.

    Automatically reduce cyber risks for your employees with our 5-in-1 platform

    cyrius.co
