Start-Up Secure. Chris Castaldo


      Open source software, which is a legitimate free option, can also come with risks. Depending on the country your start-up is founded in, you may need to pay close attention to open source software from specific countries and geographic locations. This applies to antivirus software or anything else you use in your start-up.

      So, what do they call antivirus these days? Marketing has now rebranded this technology as endpoint detection and response (EDR). While it does have many more features than the popular antivirus software of the 90s and 00s, it still has basically the same functions and keeps your device secure. We'll dive into this more in Chapter 4.

      Setting a passcode, passphrase, pattern, or fingerprint is the first line of defense in protecting the data on your phone and the data it has access to. Nearly all modern devices support these features, and you should enable them when you buy the phone or, if you have not yet done so, immediately. There are many lines of thought on which option is most secure, again a larger discussion than can be covered in this book, but you should enable at least one of them. You should also encrypt your phone in case it is lost or stolen. While most thieves resell the phones and don't attempt to retrieve data from them, encrypting your phone will provide peace of mind if it goes missing. Both Google and Apple offer the capability to find your phone if it is lost, or remotely delete all sensitive data if it is stolen. These features are not enabled by default and you should ensure you switch them on for any device you use for conducting business.

      When a device is lost or stolen, you also lose the ability to log in to services that require your MFA code, such as Google Workspace or Apple iCloud. Both services have procedures that will allow you to log in after an emergency, but it can be a lengthy process. Both services do allow you to set up an emergency phone. This should belong to someone you trust explicitly: a co-founder, spouse, or another family member whose device you could quickly access in an emergency, so preferably not someone who lives on a different continent. Or you could even have a second phone that you leave locked away for such an event, depending on how critical your data is.

      Regardless of the stage of your company – formation, validation, or growth – these are all unique starting points and require a different effort and level of investment of resources. Understanding the foundational components will help you determine where you must start or where you need to accelerate projects. Not everyone bakes in cybersecurity from the day they sign the documents to legally form their business.

      Identify the stage your company is at and then build your cybersecurity program to at least that level. Make sure you identify the risks that may have been overlooked in previous stages of the company. Both technical debt and cybersecurity debt are real. The longer you put them off, the more that debt scales with your business.

       Determine what stage your business is at: formation, validation, or growth.

       Define and write down who your ideal customers are.

       Write down what industries they are in.

       Write down what data, if any, you will process, store, access, or in any way have access to.
