Viral success is the dream of just about every small business these days. Whether the business model is a website where users can upload videos for free, or a special app that gives people the ability to share the cost of a rental car, the idea of overnight success is just plain intoxicating.
And the advent of the sharing economy hasn’t helped. The successes of “collaborative consumption” companies have been staggering. Seven-year-old Uber, which these days is leading a popular movement to block more California regulation of car-sharing services, has been valued at $17 billion. Six-year-old accommodations facilitator Airbnb last April successfully closed talks with TPG for additional capital that raised its value to $10 billion, reportedly exceeding the value of Hyatt Hotels. Smaller startups like FlightCar, MonkeyParking and a variety of crowdsharing models, while not as spectacular in their commercial success have also seen the glory of overnight stardom that comes from offering something truly disruptive and unexpectedly cool.
And then there are those startups that have also experienced the challenges that come with overnight growth; challenges that in some cases have pitted them against local bylaws and attracted the attention of government regulators. In some cases, customer data became subject to court subpoenas. In more than one case, the very legality of the company’s right to operate became a contentious issue that put the privacy of its users at potential risk.
But gutsy business models and disruptive concepts aren’t the only areas where engaging and popular companies take risks. Those qualities are, after all, part of what defines today’s cutting-edge concepts. The real risks that startups often take, says Symantec’s small-to-medium business (SMB) expert Brian Burch, is with the security of their data.
Burch, who serves as the vice president of product marketing for Norton, is well known in the SMB community and well versed in some of the issues facing growing startups these days. In most cases, he says, the risks that companies experience aren’t defined by whether or not they are “collaborative consumption” models. Rather the risks are defined by inexperience, lack of preparation or lack of awareness of today’s rapidly changing cyber environment.
And changing it is. A report released by Symantec earlier this year reveals that 30 percent of ‘phishing’ attacks were leveraged against small businesses with 1-250 employees. Burch points out that the majority of small businesses that are hacked can’t survive the data breach and damages to their customers’ loyalty. As a result, the small business will often fold within a year. “So we really are talking about life and death here.”
Another chilling figure from the report indicated that the number of breaches went up by 62 percent in 2013 compared the previous year (from 156 to 253), but the number of identities that were exposed through those breaches were up by 493 percent (from 93 million to 552 million). That indicates that hackers have become more sophisticated and successful at gaining access than before.
“I think as the threat landscape has evolved over the time from what many people are familiar with as ‘hacking,’ — some typically young person with tremendous coding skill, mischievous as all getout, anxious for glory — that has all given way to cyber criminal activity and syndicates,” says Burch. Most telling is Symantec’s report in 2009 that cyber crime had surpassed the drug trade as a money-maker.
So pre-planning is absolutely essential to a startup’s success these days, says Burch. And that research phase needs to include IT infrastructure as well as a solid understanding of the legal and financial pitfalls the company might run into with its innovative concept. He recommended seven key steps that businesses must keep in mind in today’s fast-paced and often aggressive marketplace
- Make a solid IT infrastructure part of your founding team focus. “I hear more about startups, very small startups, with one, two, three founders who have an IT professional in the founding leadership team,” says Burch. And that’s because infrastructure really is the company. Since most startups feature cool apps that help the users interface with the services, it makes sense from a functional standpoint. But it’s also vital for the company’s security. Today’s criminals prey on companies that don’t make their infrastructure a priority from day one.
- Don’t depend on just one or two levels of protection. Use a multi-layered security process that goes beyond anti-virus software and the firewall and includes onsite and offsite data security, as well as mobile security. “There is so much rich capability now that can defend and make it incredibly difficult for the hackers to get through five layers of protection if you will, that it truly is an ounce of prevention is worth a pound of cure.”
- Check with the experts. Make sure you have vetted your startup idea with an attorney and have access to legal counsel. If you have a brainstorm for a new app that will allow users to use public facilities quicker, or get to the airport faster, great, but don’t be afraid to run your concept past a lawyer who you can count on if you should run into unforeseen problems. And remember that great ideas attract lots of attention. Take advantage of all expertise before you shine the spotlight on your new startup. “Increasingly the value of many of these business models is leveraging the data that they are able to aggregate.” That data can often be of great value to more than just your company. Know your rights and their boundaries.
- Enforce a “Bring Your Own Mobile” from the start. “[Have] a very solid and well-defined ‘bring your own device’ (BYOD) policy that sort of balances both the privacy of the employee or the individual and the security of the company. Have it written down and followed.” Good “mobile hygiene,” Burch says, “can go a tremendous way to protecting the data that is so critical to the company.”
- Remember the fence is only as strong as the weakest link. To that end, governments across the world are working to create a cyber security framework that will help reduce cyber attacks. Four of the top 10 data breaches to occur took place in 2013. “So I believe the U.S. government and other governments around the world are really taking a collective approach,” Burch says. That includes last year’s Executive Order, which was directed at improving cyber security. But companies should rely on the government to set up safeguards, says Burch. “These novel companies have to make this a priority day 1 because they can’t assume that anyone else is going to protect them.”
- Never forget hackers are in business for themselves. The cyber criminals “are small businesses in themselves, and they have a criminal and nefarious set of objectives,” Burch says. They will take the time to research and target a small business that they think is ill-prepared. “A lot of the criminal networks will actually look for small businesses to penetrate, and then they use the small business to sneak into the back door of the customers of that small business.”
- Expect your customers to be mobile-savvy. Encourage mobile hygiene by staying on top of what’s out there, remaining approachable and educating your customers about how to identify your app. Help them “understand whether the app in question is a mainstream app and has millions of downloads rather than something that looks like it that only has tens of thousands.” And practice the same careful process yourself when downloading apps.
The new modus operandi of cyber criminals isn’t a broad-based strike against hundreds, or thousands or millions of victims as it once was, but rather the carefully researched strategy of a targeted attack. That means staying up on the newest cyber protection strategies is critical.
“[That] hyper growth curve can just be so sexy, but more than ever, companies of that ilk that have a great idea and who rocket to success absolutely positively need to understand that the same spotlight that gets trained on them that helps propagate their business success attracts the nefarious interests that are out there who are small businesses like they are.”
Staying informed, using well-researched business resources and keeping up-to-date with software and tools that protect not only the company’s resources but also those of its customers, are all part of what will convert today’s small business startups to tomorrow’s viral successes.
Image courtesy of Symantec