Start-Up Secure
eBook - ePub

Start-Up Secure

Baking Cybersecurity into Your Company from Founding to Exit

Chris Castaldo

Share book
  1. English
  2. ePUB (mobile friendly)
  3. Available on iOS & Android
eBook - ePub

Start-Up Secure

Baking Cybersecurity into Your Company from Founding to Exit

Chris Castaldo

Book details
Book preview
Table of contents
Citations

About This Book

Add cybersecurity to your value proposition and protect your company from cyberattacks

Cybersecurity is now a requirement for every company in the world regardless of size or industry. Start-Up Secure: Baking Cybersecurity into Your Company from Founding to Exit covers everything a founder, entrepreneur and venture capitalist should know when building a secure company in today's world. It takes you step-by-step through the cybersecurity moves you need to make at every stage, from landing your first round of funding through to a successful exit. The book describes how to include security and privacy from the start and build a cyber resilient company. You'll learn the basic cybersecurity concepts every founder needs to know, and you'll see how baking in security drives the value proposition for your startup's target market. This book will also show you how to scale cybersecurity within your organization, even if you aren't an expert!

Cybersecurity as a whole can be overwhelming for startup founders. Start-Up Secure breaks down the essentials so you can determine what is right for your start-up and your customers. You'll learn techniques, tools, and strategies that will ensure data security for yourself, your customers, your funders, and your employees. Pick and choose the suggestions that make the most sense for your situation—based on the solid information in this book.

  • Get primed on the basic cybersecurity concepts every founder needs to know
  • Learn how to use cybersecurity know-how to add to your value proposition
  • Ensure that your company stays secure through all its phases, and scale cybersecurity wisely as your business grows
  • Make a clean and successful exit with the peace of mind that comes with knowing your company's data is fully secure

Start-Up Secure is the go-to source on cybersecurity for start-up entrepreneurs, leaders, and individual contributors who need to select the right frameworks and standards at every phase of the entrepreneurial journey.

Frequently asked questions

How do I cancel my subscription?
Simply head over to the account section in settings and click on “Cancel Subscription” - it’s as simple as that. After you cancel, your membership will stay active for the remainder of the time you’ve paid for. Learn more here.
Can/how do I download books?
At the moment all of our mobile-responsive ePub books are available to download via the app. Most of our PDFs are also available to download and we're working on making the final remaining ones downloadable now. Learn more here.
What is the difference between the pricing plans?
Both plans give you full access to the library and all of Perlego’s features. The only differences are the price and subscription period: With the annual plan you’ll save around 30% compared to 12 months on the monthly plan.
What is Perlego?
We are an online textbook subscription service, where you can get access to an entire online library for less than the price of a single book per month. With over 1 million books across 1000+ topics, we’ve got you covered! Learn more here.
Do you support text-to-speech?
Look out for the read-aloud symbol on your next book to see if you can listen to it. The read-aloud tool reads text aloud for you, highlighting the text as it is being read. You can pause it, speed it up and slow it down. Learn more here.
Is Start-Up Secure an online PDF/ePUB?
Yes, you can access Start-Up Secure by Chris Castaldo in PDF and/or ePUB format, as well as other popular books in Business & Small Business. We have over one million books available in our catalogue for you to explore.

Information

Publisher
Wiley
Year
2021
ISBN
9781119700753
Edition
1
Topic
Business
Subtopic
Small Business
Index
Business

PART ONE
Fundamentals

CHAPTER ONE
Minimum Security Investment for Maximum Risk Reduction

An ounce of prevention is worth a pound of cure.
– Benjamin Franklin
NO ONE PLANS ON THEIR START-UP not making it past a year of business, so you should also plan for your investment and planning in cybersecurity to scale into the future. While selecting the bare minimum may seem and feel counterintuitive and is certainly against the opinion of many cybersecurity professionals, it will ensure the continuation of the business.
Just as the heart is the first organ to receive oxygenated blood from the lungs, the continued operation of your start-up should be the number one priority. Security must enable the business to operate and find a balance as a requirement for the business. Cybersecurity is now a priority business function and no longer solely an IT issue.
When discussing cybersecurity many thoughts come to mind, all culminating with three important categories: people, processes, and technology. As a start-up, you won't always have the option of deploying all three. And even many mature organizations do not. This is why when we discuss cybersecurity we must also discuss risk and managing risk. The goal of your cybersecurity strategy should be to reduce, mitigate, and accept risk. No two organizations are the same, even within the same industry vertical. The risk of not being Payment Card Industry Data Security Standard (PCI DSS) certified could mean the loss of revenue for one organization and absolutely nothing to another.
Cybersecurity must be included in your enterprise risk management along with things like compliance, financial reporting, business continuity, etc. It should be all-encompassing and avoid siloing each off into its own risk management vertical. Cybersecurity is a huge part of all of these pieces. All of the following compliance and regulatory requirements require a varying level of cybersecurity practice and maturity (and we'll review these in more detail in Chapter 10):
  • Payment Card Industry (PCI)
  • Sarbanes–Oxley Act (SOX)
  • North American Electric Reliability Corporation (NERC)
  • Health Insurance Portability and Accountability Act (HIPAA)
  • HITRUST
The credibility of your business is important to protect. This is why you seek professional advice from lawyers and accountants. A start-up with three founders and without capital cannot afford to hire a full-time world-class lawyer (also referred to as general counsel) or accountant, let alone a chief finance officer (CFO). There are, however, many services that offer those capabilities that can meet a start-up's needs at every phase of the scaling life cycle. You shouldn't feel concerned by the fact that you can't afford a full-time chief information security officer (CISO) or world-class cybersecurity team; alternatives exist that are appropriate for your start-up life cycle stage.
Regardless of the type of business you are starting or industry you plan to sell into, cybersecurity can scale with your idea. From a next-generation weapons system for the military or taking credit card transactions with some new smart device, security can be adequately included. Protecting your intellectual property (IP) and business doesn't require you to have decades of cybersecurity experience; it only requires a willingness and drive to learn. Not everything I discuss will be easy or “point and click,” but I will show you the steps along the way to scale your security, along with your business, from seed funding to initial public offering (IPO) or whatever your exit strategy might be.
There is a common phrase when describing old-school cybersecurity approaches where it is like an M&M – crunchy outside and soft inside. When cybersecurity is applied with a hardened perimeter, the thing you want to protect most may actually be more vulnerable from the false sense of security that is created.
When approaching cybersecurity for your new start-up you should focus on the following:
  • The data or capabilities you want to protect
  • The systems with that data or capabilities you want to protect
  • The people with access to those systems you want to protect

COMMUNICATING YOUR CYBERSECURITY

Communication is a critical part of our lives. It is also critical to the success of your business. Communicating with your fellow founders, potential or existing customers, vendors, or investors is vital. In cybersecurity, there is a common philosophy called CIA: confidentiality, integrity, and availability. To better understand this, we can apply this methodology and framework to email. In the case of the sender and intended recipients of that email, only those individuals can access the communications; the information being communicated is unmolested and it is accessible when required respectively. This philosophy is applied across cybersecurity, not just to communicate, but for this discussion we will refer to it as such. It should also be noted that each are not always equal in every situation. There may be times when availability is favored over confidentiality.
You as well as your founders will want to know your start-up is defensible, at a minimum, from the most common threats today. Your customers will want to know their data and, in turn, they are safe with you. Investors will want to know their investment is not put at unnecessary risk. Once you've addressed the topics we will cover in this book, they will all apply equally to these different audiences. Your message may vary but the standards remain the same.

EMAIL SECURITY

Email has become a digital repository for nearly everything in our lives. From communicating with our children's teachers at school, to our doctors, to our accountant when filing our taxes, it is a literal treasure trove. On top of just the sensitive data in one year of sent and received emails, our email accounts are now the key to accessing nearly all of our other accounts in other systems. Think back to the last time you reset a password. You most likely received a password reset link to your “email address on file.”
Email is not secure. This is a bold statement, so let me explain. While you may log in to your email provider that uses HTTPS – S stands for secure – in their web address, when you click to send, that email will be transmitted unencrypted across the Internet. For example, if someone was able to intercept that email when it leaves your email provider's servers they could read the entire contents. For many start-ups, it is not feasible to build and maintain their own email server, so they rely on services like Google Workspace (formally G Suite)1 or Microsoft O365.
It is important to establish an enterprise-level email account once you register your company domain name. Operating from your personal Gmail, Live, Hotmail, or iCloud email limits the security controls you can place around your account, and does not lend to the credibility of your start-up.
Both Google Workspace and O3652 are ref...

Table of contents