Seven ways to protect a startup from cybercriminals

When it comes to creating a startup, the security of user data should be a priority from the onset. This was one of the main recommendations BBVA’s Chief Security Officer, Álvaro Garrido, offered at the last Open Summit. There he discussed the challenges cybersecurity poses to entrepreneurs with Jess García, the founder and CEO of the company One eSecurity.

The experts explained that the fight against cybercrime has drastically changed in recent decades. Now, a small company with 10 or 20 staff that operates in the digital world must be capable of facing potential attacks from large teams of professionals, who operate in a coordinated manner around the world and in real time. “It’s a battle that can be very asymmetric and it’s important to be prepared for that,” recalled Garrido, who indicated that security must be integrated in the foundations of the company from the start because it’s not something that can be added at the end. “You should think of security as you build your business,” he said.

Garrido stressed the importance of putting data protection in a privileged position in the company’s cybersecurity strategy. “It’s essential to classify company data and build the defense strategy around the data,” he argued.

Experts summarized the cybersecurity advice offered to the audience, primarily comprised of entrepreneurs, in seven key factors:

1. Consider security a fundamental priority
2. Build the defense strategy around data protection
3. Protect company and user data
4. Cover basic aspects of security
5. Implement security and privacy from the beginning of the software development cycle
6. Train employees in cybersecurity
7. Build a security ecosystem through partnerships with third parties

But none of these recommendations or security measures will work if a “cybersecurity culture and awareness” is not fostered among employees: “It is very important to avoid attacks in which the cybercriminals use social engineering to attack the company,” Garrido emphasized.

Meanwhile, Jess García, who has over 20 years of experience in cybersecurity, recalled that 80 percent of cyberattacks are still due to the human factor and basic security mistakes. “Make sure that everyone in your organization understands the real risks of cybersecurity because that is usually the type of vulnerability they exploit,” he added. The expert pointed to examples like ‘phishing’ where employees receive malicious links sent to the company.

In this regard, he also recommended always having “multiple layers” of security that allow the company to protect itself, even if one of the basic defense mechanisms fails. “It’s important to have several layers so that if the cybercriminals find a vulnerability, it will not automatically put company data or valuable assets at risk,” he explained.

Knowledge sharing and collaboration

Despite the complex environment cybersecurity chiefs must face today, García also reported that there have been several improvements in recent years, especially when it comes to collaboration among companies.

“Several years ago, companies worked on their defense on an individual basis, but now they work in large teams that share information with each other,” he said. This makes it easier to join forces due to the creation of multidisciplinary teams that have in-depth knowledge of the current risks and can help this information reach those in charge of the companies’ first line of defense.

Thanks to the increase in cooperation and access to information, according to García, the key today lies in focusing on “understanding what the risks are, who can attack us, and how they can do it,” and from there, define the cybersecurity strategy. “That’s what is changing. Now we can search for and find information about the risks we are facing and how to defend ourselves against them,” concluded García.