You are founding your start-up, and it feels like building your own house. Obviously, you need to draw a blueprint, buy building materials, and find professionals. You also have to ask yourself another important question: "When do I consider doors and locks?" You might close your "house" in the middle of construction, but you already know that you will include this matter in the general plan.
The security of a start-up is basically the same thing. It is really important to include a security strategy in your general business plan.
Let’s do it, step by step.
First step: define your corporate security.
The aim of corporate security is to minimize threats and damage to a firm and to ensure the continuity of business activity. Security is a tool that helps you preserve your data, money, and invested work. So it is necessary to define a global security strategy from the beginning, in order to identify each weakness and find suitable solutions.
First of all, it is necessary to define what “confidential data” means for you. For example, it may be details of your new product in development or your customers’ details.
Once that is done, it is easier to analyze your processes and identify loopholes. You will then use your own concept of security all the time, without radical or overly expensive changes.
Second step: 5 guidelines to apply
Now you have to integrate the security concept into your business strategy. Five guidelines will help you bring order to your business.
1. Define your confidential data. What is really important to keep confidential?
2. Secure your corporate activity center. How could you control both your office and your system?
3. Compartmentalize confidential areas and corporate data. Who really needs access?
4. Centralize your security technologies and save your information in a safe place. Where would your confidential data be safe?
5. Just as you have to know your customers, you have to know who your business partners are. Who are the people you work with?
For each of those questions, don't be afraid to think like a competitor. You must think like a competitor. You need to understand how a potential competitor could attack, yes, attack you. This way, you will discover your weaknesses and your strengths.
Third step: evaluate your corporate risks.
Risk evaluation: here we are! For you, the entrepreneur, there are three advantages.
First, it allows you to know your start-up. I mean to really know it. How does it work and what are its faults? In many cases, managers have only a global vision of their organization. They also want to believe that the situation is better than it really is. A methodical review of an organization is like a medical check-up: its purpose is to find out the true state of the organization and improve it.
Secondly, it will allow you to prioritize, i.e. to define a priority order based on important and urgent criteria. A good risk evaluation summarizes all the threats in a table of likelihood vs. consequences. The goal of this type of table is to understand what is insignificant and what is catastrophic, as well as what is very rare and what is almost certain, with nuances in the middle.
Thirdly, remember that you are a decision-maker. This kind of systematic evaluation is a wonderful tool in the decision-making process. As everyone knows, to make a decision you need to search for information. Once you have found it, it is critical to analyze the data correctly. A major part of decision-making involves the analysis of a finite set of alternatives described in terms of evaluative criteria. Another problem is what specialists call “information overload”, i.e. you have too much information but no appropriate tools to understand it. As we have established, a systematic evaluation of your organization right from the beginning is a very strong tool in this process. It will help you both in times of routine and in times of crisis.
Fourth step: from problem to solution.
To put it simply, risk evaluation is based on five main steps: gathering data, identifying loopholes, risk analysis, risk prioritizing, and defining solutions.
Gathering data – search for information about your company: from open sources, employees, customers, providers, and even competitors.
Identifying loopholes – find weaknesses in your company: mainly human and technological, but also regarding business processes.
Risk analysis – understand the real meaning of your weaknesses: from insignificant to catastrophic, from rare to almost certain.
Risk prioritizing – prioritize weaknesses and grade them from very low to critical.
Defining solutions – define the solutions you can give to each weakness: it is very important to define an appropriate solution (taking into account your strengths, the type of your organization, and the problem).
Regarding this step, we recommend that you ask for a professional evaluation. Indeed, this document will help you when your business grows. It will also allow periodic updates and improvements.
Now you know your start-up. In fact, you are about to turn potential into reality. It is very important to remember that an expensive solution is not always a good solution. A good solution is a specific response to a specific problem. For you, it means a solution adapted to each of your specific problems.
In many cases, a simple response is good enough, like changing passwords every three months or installing a camera in your office. The most important thing is to have a security plan and to follow it. If you know what you need, you will be able to apply it by yourself in almost all cases.
And there is a reason why every start-up needs to include security matters from the beginning. Don’t forget that “knowledge is power”. Who needs to know? You or your competitor?
Rubin Beniard is the Founder of Insec Consulting. 20 years of experience in consulting, intelligence and security management in law enforcement and in the private sector, principally in Israel and Europe. Graduated with a Master’s degree in Political Science and International Relations from the Sorbonne University in France, he is a specialist of international terror