Step Plan to Surviving in Cybe
“If a business thinks that it’s too small to matter to
cybercriminals, then it’s fooling itself with a false sense
of security.” BRIAN BIRCH, SYMANTEC
THREATS
Steal Funds
TOR Dump Email • Steal IP
Insert Back Doors • Steal Business Intel
Infect Customers • Steal Infrastructure
DDoS Shut Down • Deface Web Site
Steal Credentials • Defraud
Pick Your Battles
You can't secure everything. Quantify
the monetary damage, likelihood,
and mitigation cost of each threat to
prioritize your time and resources.
“Cyber attacks have escalated from common
malware to sophisticated campaigns using
military-grade techniques that target your
crown jewels.” DAVID COWAN, BVP
Establish a Security Culture
Show your team that security is important
through communication and example.
Provide periodic training, pen testing, and
password management tools.
Be Open with the Public
Honesty is the best policy. Be transparent not
only about cyber risks, but also about everything.
You will provoke fewer attacks, and build
up some good will for when you screw up.
Plan for Failure
Breaches are inevitable, so don't
wait. Understand your legal
obligations and business risks.
Prepare a plan to investigate,
report and mitigate breaches.
Pick Secure Platforms
Select compute platforms with
strong security, such as Linux
Chromebooks, iOS, Google Apps
and open source systems.
Email is the Key
Control an inbox, and you control a
life. Your email service should enforce
multifactor authentication, malware/
phishing filters and encryption. Use
SPF and DKIM.
Physical Security
Easy win: it's now cheap to ae ose with buen
badges and surveillance.
Your Website is the Front Door
Protect your storefront and customers with a
Web Application Firewall, anti-DDoS service,
Device ID and payment API.
“When our API collapsed under a DDoS attack, we
experienced more churn in that one day than we had
in our entire history.” UN-NAMED BVP PORTFOLIO CEO
Control the Internal Network
Track every IT asset. Install securely configured
Bi. images on all computers. Lock down all Admin
accounts. Use a DMZ Proxy and light SIEM.
Secure Coding
Bake it in now - retrofits won't work. Hire a
DevOps security expert. Train your coders
to avoid traps, and use code analysis tools
and third party security APIs.
BESSEMER VENTURE PARTNERS
The white paper “Security for Startups” is available at www.BVP.com/cyber.
BVP employees founded Verisign, Good, Defense.net and SiteAdvisor in BVP offices, and BVP has funded more
than 30 other cyber security startups, including eight IPOs and 12 private-to-public acquisitions.