Start-Up Secure
eBook - ePub

Start-Up Secure

Baking Cybersecurity into Your Company from Founding to Exit

Chris Castaldo

Partager le livre
  1. English
  2. ePUB (adapté aux mobiles)
  3. Disponible sur iOS et Android
eBook - ePub

Start-Up Secure

Baking Cybersecurity into Your Company from Founding to Exit

Chris Castaldo

DĂ©tails du livre
Aperçu du livre
Table des matiĂšres
Citations

À propos de ce livre

Add cybersecurity to your value proposition and protect your company from cyberattacks

Cybersecurity is now a requirement for every company in the world regardless of size or industry. Start-Up Secure: Baking Cybersecurity into Your Company from Founding to Exit covers everything a founder, entrepreneur and venture capitalist should know when building a secure company in today's world. It takes you step-by-step through the cybersecurity moves you need to make at every stage, from landing your first round of funding through to a successful exit. The book describes how to include security and privacy from the start and build a cyber resilient company. You'll learn the basic cybersecurity concepts every founder needs to know, and you'll see how baking in security drives the value proposition for your startup's target market. This book will also show you how to scale cybersecurity within your organization, even if you aren't an expert!

Cybersecurity as a whole can be overwhelming for startup founders. Start-Up Secure breaks down the essentials so you can determine what is right for your start-up and your customers. You'll learn techniques, tools, and strategies that will ensure data security for yourself, your customers, your funders, and your employees. Pick and choose the suggestions that make the most sense for your situation—based on the solid information in this book.

  • Get primed on the basic cybersecurity concepts every founder needs to know
  • Learn how to use cybersecurity know-how to add to your value proposition
  • Ensure that your company stays secure through all its phases, and scale cybersecurity wisely as your business grows
  • Make a clean and successful exit with the peace of mind that comes with knowing your company's data is fully secure

Start-Up Secure is the go-to source on cybersecurity for start-up entrepreneurs, leaders, and individual contributors who need to select the right frameworks and standards at every phase of the entrepreneurial journey.

Foire aux questions

Comment puis-je résilier mon abonnement ?
Il vous suffit de vous rendre dans la section compte dans paramĂštres et de cliquer sur « RĂ©silier l’abonnement ». C’est aussi simple que cela ! Une fois que vous aurez rĂ©siliĂ© votre abonnement, il restera actif pour le reste de la pĂ©riode pour laquelle vous avez payĂ©. DĂ©couvrez-en plus ici.
Puis-je / comment puis-je télécharger des livres ?
Pour le moment, tous nos livres en format ePub adaptĂ©s aux mobiles peuvent ĂȘtre tĂ©lĂ©chargĂ©s via l’application. La plupart de nos PDF sont Ă©galement disponibles en tĂ©lĂ©chargement et les autres seront tĂ©lĂ©chargeables trĂšs prochainement. DĂ©couvrez-en plus ici.
Quelle est la différence entre les formules tarifaires ?
Les deux abonnements vous donnent un accĂšs complet Ă  la bibliothĂšque et Ă  toutes les fonctionnalitĂ©s de Perlego. Les seules diffĂ©rences sont les tarifs ainsi que la pĂ©riode d’abonnement : avec l’abonnement annuel, vous Ă©conomiserez environ 30 % par rapport Ă  12 mois d’abonnement mensuel.
Qu’est-ce que Perlego ?
Nous sommes un service d’abonnement Ă  des ouvrages universitaires en ligne, oĂč vous pouvez accĂ©der Ă  toute une bibliothĂšque pour un prix infĂ©rieur Ă  celui d’un seul livre par mois. Avec plus d’un million de livres sur plus de 1 000 sujets, nous avons ce qu’il vous faut ! DĂ©couvrez-en plus ici.
Prenez-vous en charge la synthÚse vocale ?
Recherchez le symbole Écouter sur votre prochain livre pour voir si vous pouvez l’écouter. L’outil Écouter lit le texte Ă  haute voix pour vous, en surlignant le passage qui est en cours de lecture. Vous pouvez le mettre sur pause, l’accĂ©lĂ©rer ou le ralentir. DĂ©couvrez-en plus ici.
Est-ce que Start-Up Secure est un PDF/ePUB en ligne ?
Oui, vous pouvez accĂ©der Ă  Start-Up Secure par Chris Castaldo en format PDF et/ou ePUB ainsi qu’à d’autres livres populaires dans Business et Small Business. Nous disposons de plus d’un million d’ouvrages Ă  dĂ©couvrir dans notre catalogue.

Informations

Éditeur
Wiley
Année
2021
ISBN
9781119700753
Édition
1
Sujet
Business
Sous-sujet
Small Business

PART ONE
Fundamentals

CHAPTER ONE
Minimum Security Investment for Maximum Risk Reduction

An ounce of prevention is worth a pound of cure.
– Benjamin Franklin
NO ONE PLANS ON THEIR START-UP not making it past a year of business, so you should also plan for your investment and planning in cybersecurity to scale into the future. While selecting the bare minimum may seem and feel counterintuitive and is certainly against the opinion of many cybersecurity professionals, it will ensure the continuation of the business.
Just as the heart is the first organ to receive oxygenated blood from the lungs, the continued operation of your start-up should be the number one priority. Security must enable the business to operate and find a balance as a requirement for the business. Cybersecurity is now a priority business function and no longer solely an IT issue.
When discussing cybersecurity many thoughts come to mind, all culminating with three important categories: people, processes, and technology. As a start-up, you won't always have the option of deploying all three. And even many mature organizations do not. This is why when we discuss cybersecurity we must also discuss risk and managing risk. The goal of your cybersecurity strategy should be to reduce, mitigate, and accept risk. No two organizations are the same, even within the same industry vertical. The risk of not being Payment Card Industry Data Security Standard (PCI DSS) certified could mean the loss of revenue for one organization and absolutely nothing to another.
Cybersecurity must be included in your enterprise risk management along with things like compliance, financial reporting, business continuity, etc. It should be all-encompassing and avoid siloing each off into its own risk management vertical. Cybersecurity is a huge part of all of these pieces. All of the following compliance and regulatory requirements require a varying level of cybersecurity practice and maturity (and we'll review these in more detail in Chapter 10):
  • Payment Card Industry (PCI)
  • Sarbanes–Oxley Act (SOX)
  • North American Electric Reliability Corporation (NERC)
  • Health Insurance Portability and Accountability Act (HIPAA)
  • HITRUST
The credibility of your business is important to protect. This is why you seek professional advice from lawyers and accountants. A start-up with three founders and without capital cannot afford to hire a full-time world-class lawyer (also referred to as general counsel) or accountant, let alone a chief finance officer (CFO). There are, however, many services that offer those capabilities that can meet a start-up's needs at every phase of the scaling life cycle. You shouldn't feel concerned by the fact that you can't afford a full-time chief information security officer (CISO) or world-class cybersecurity team; alternatives exist that are appropriate for your start-up life cycle stage.
Regardless of the type of business you are starting or industry you plan to sell into, cybersecurity can scale with your idea. From a next-generation weapons system for the military or taking credit card transactions with some new smart device, security can be adequately included. Protecting your intellectual property (IP) and business doesn't require you to have decades of cybersecurity experience; it only requires a willingness and drive to learn. Not everything I discuss will be easy or “point and click,” but I will show you the steps along the way to scale your security, along with your business, from seed funding to initial public offering (IPO) or whatever your exit strategy might be.
There is a common phrase when describing old-school cybersecurity approaches where it is like an M&M – crunchy outside and soft inside. When cybersecurity is applied with a hardened perimeter, the thing you want to protect most may actually be more vulnerable from the false sense of security that is created.
When approaching cybersecurity for your new start-up you should focus on the following:
  • The data or capabilities you want to protect
  • The systems with that data or capabilities you want to protect
  • The people with access to those systems you want to protect

COMMUNICATING YOUR CYBERSECURITY

Communication is a critical part of our lives. It is also critical to the success of your business. Communicating with your fellow founders, potential or existing customers, vendors, or investors is vital. In cybersecurity, there is a common philosophy called CIA: confidentiality, integrity, and availability. To better understand this, we can apply this methodology and framework to email. In the case of the sender and intended recipients of that email, only those individuals can access the communications; the information being communicated is unmolested and it is accessible when required respectively. This philosophy is applied across cybersecurity, not just to communicate, but for this discussion we will refer to it as such. It should also be noted that each are not always equal in every situation. There may be times when availability is favored over confidentiality.
You as well as your founders will want to know your start-up is defensible, at a minimum, from the most common threats today. Your customers will want to know their data and, in turn, they are safe with you. Investors will want to know their investment is not put at unnecessary risk. Once you've addressed the topics we will cover in this book, they will all apply equally to these different audiences. Your message may vary but the standards remain the same.

EMAIL SECURITY

Email has become a digital repository for nearly everything in our lives. From communicating with our children's teachers at school, to our doctors, to our accountant when filing our taxes, it is a literal treasure trove. On top of just the sensitive data in one year of sent and received emails, our email accounts are now the key to accessing nearly all of our other accounts in other systems. Think back to the last time you reset a password. You most likely received a password reset link to your “email address on file.”
Email is not secure. This is a bold statement, so let me explain. While you may log in to your email provider that uses HTTPS – S stands for secure – in their web address, when you click to send, that email will be transmitted unencrypted across the Internet. For example, if someone was able to intercept that email when it leaves your email provider's servers they could read the entire contents. For many start-ups, it is not feasible to build and maintain their own email server, so they rely on services like Google Workspace (formally G Suite)1 or Microsoft O365.
It is important to establish an enterprise-level email account once you register your company domain name. Operating from your personal Gmail, Live, Hotmail, or iCloud email limits the security controls you can place around your account, and does not lend to the credibility of your start-up.
Both Google Workspace and O3652 are ref...

Table des matiĂšres