Step Plan to Surviving in Cybe

"If a business thinks that it's too small to matter to cybercriminals, then it's fooling itself with a false sense of security." BRIAN BIRCH, SYMANTEC

THREATS: Steal Funds; TOR Dump Email; Steal IP; Insert Back Doors; Steal Business Intel; Infect Customers; Steal Infrastructure; DDoS Shut Down; Deface Web Site; Steal Credentials; Defraud

Pick Your Battles
You can't secure everything. Quantify the monetary damage, likelihood, and mitigation cost of each threat to prioritize your time and resources.

"Cyber attacks have escalated from common malware to sophisticated campaigns using military-grade techniques that target your crown jewels." DAVID COWAN, BVP

Establish a Security Culture
Show your team that security is important through communication and example. Provide periodic training, pen testing, and password management tools.

Be Open with the Public
Honesty is the best policy. Be transparent not only about cyber risks, but also about everything. You will provoke fewer attacks, and build up some good will for when you screw up.

Plan for Failure
Breaches are inevitable, so don't wait. Understand your legal obligations and business risks. Prepare a plan to investigate, report and mitigate breaches.

Pick Secure Platforms
Select compute platforms with strong security, such as Linux Chromebooks, iOS, Google Apps and open source systems.

Physical Security
Easy win: it's now cheap to […] badges and surveillance.

Email is the Key
Control an inbox, and you control a […] life. Your email service should enforce multifactor authentication, malware/phishing filters and encryption. Use SPF and DKIM.

Control the Internal Network
Track every IT asset. Install securely configured images on all computers. Lock down all Admin accounts. Use a DMZ Proxy and light SIEM.

Your Website is the Front Door
Protect your storefront and customers with a Web Application Firewall, anti-DDoS service, Device ID and payment API.

"When our API collapsed under a DDoS attack, we experienced more churn in that one day than we had in our entire history." UN-NAMED BVP PORTFOLIO CEO

Secure Coding
Bake it in now - retrofits won't work. […] DevOps security expert. Train your coders to avoid traps, and use code analysis tools and third party security APIs.

BESSEMER VENTURE PARTNERS
The white paper "Security for Startups" is available at www.BVP.com/cyber. BVP employees founded Verisign, Good, Defense.net and SiteAdvisor in BVP offices, and BVP has funded more than 30 other cyber security startups, including eight IPOs and 12 private-to-public acquisitions.
