Remote work calls for startups to take an active stance on cybersecurity

According to the startup accelerator Y Combinator, 70% of startups now offer remote or hybrid work opportunities. The data by the accelerator suggests that remote-friendly jobs increased 6.4 times from 2020 to 2021.

The shift to remote work is unlikely to fade out in the nearest future, too. A FlexJobs survey indicates that once the knowledge workers switched to remote work due to the pandemic, 65% of them preferred not to return to the office.

At the same time, the global cybercrime situation is putting small and medium businesses – including startups – under increasing pressure. Verizon's Data Breach Investigations Report suggests that SMBs are almost as likely to suffer a data breach as large organizations.

Juta Gurinaviciute, the Chief Technology Officer at NordLayer, a network security provider said:

Remote and hybrid work highlighted how ill-prepared many organizations were cybersecurity-wise. For remote startups operating within limited budgets, guarding themselves against cybercrime can seem an uphill battle. But it's not — there are ways to protect their assets and data without allocating excessive amounts of resources.

Cybersecurity challenges for remote startups

Contrary to the past when most startup employees often worked from a single office, remote work changed how companies safeguard their assets. Now, globally dispersed employees access company resources via their home or public networks, creating additional cybersecurity risks.

The NordLayer expert added:

Protecting a single network and having on-premise employees called for a different security approach when compared to the current remote work reality. The fencing off stopped being a viable strategy since every device, application and employee with access to company assets are now potential weak links for threat actors to exploit.

Then there is the underlapping of personal and work device usage. Various surveys indicate that over 50% of those working from home use personal devices for work, which creates additional security concerns. Additionally, work devices are used for personal reasons, including risky activities like streaming illegal content.

Finally, due to their agile nature and the need for quick onboarding, startups lack the needed cybersecurity training for new employees. Remote onboarding is a complicated process on its own, and cyber awareness training is often either non-existent or barely a formality. From a cybersecurity perspective, this is the single biggest mistake remote startups can make, as exploiting the human factor is the most effective way for cybercriminals to succeed.

Making cybersecurity a key business tenet

If there is one step remote startups can take to better protect their digital assets, that’s developing work-from-home policies. Before they get access to company resources and start working, hirees need to be aware of safe cyber practices, ways to spot and react to common threats, steps to take if they suspect they have been targeted in an attack.

These policies should include guidelines on handling sensitive information, maintaining data security and privacy, and using secure connections, among other things that can vary from company to company.

Startups could also provide their employees with tools that encrypt their traffic, passwords, and shared files to ensure none of the mentioned above are easily intercepted by third parties.

Gurinaviciute finished:

Ultimately, to protect their businesses best they can, founders and responsible personnel have to prioritize cybersecurity and make it an inherent part of the company culture. The times when businesses can afford to hold a passive stance towards cybercrime are gone and won’t be making a return anytime soon.