The tech startup – there is so much attached to the image. To many, it means all-night coding sessions, wild valuations, desperate attempts to earn venture capital funding, and huge potential payoff with an IPO. But tech startups have moved in a surprising direction. Earlier this month, the Consumer Electronics Show highlighted the incredible growth of the small-time "cottage" tech industry.
Startups are now making their own devices ranging from smart watches to fitness monitors to teddy bears that track your child's heart rate. (We're not making up that last one).
Tech startups have become a huge arena for small business. But the explosion of new companies unfortunately means, as NPR recently reported, that some businesses are being too lax with their liabilities and overlooking vital security infrastructure.
The Small Business Trap: Don't Avoid Security Issues
Some business owners assume they need to focus on marketing and design and worry about cyber security later. After all, if a business has no customers, it’s not much of a business. Without client data, there’s no chance of a data breach. But that's reckless. In today’s data security climate, that's like a car manufacturer saying: make sure the car looks cool, but don't worry about the air bags.
Businesses that don't prioritize cyber security from the beginning run two risks:
- That their programs won’t be capable of being retrofit with security.
- That security lapses can cause lawsuits or damage their fledgling brand name.
Cyber security is not a bridge you cross when you get to it. It's something that needs to be planned for from the beginning.
Software Testing and Liabilities: Plan for Security and Avoid Lawsuits
Developers agree: the best and most secure way to test software is iterative testing. Testing each component of a program, app, or device as you build it is the most secure way to make sure that everything works correctly and the best way to minimize a time-wasting debugging processes.
This means you can't retrofit security. Medical devices and software, for example, need to secure data at each stage. Any data leaks mean could mean huge HIPAA fines (we’re talking hundreds-of-thousands-of-dollars huge) for a medical startup. Data security must be built into the software or firmware's basic infrastructure.
Furthermore, waiting to address security concerns means exposing your business to lawsuits and bad press. Snapchat was recently hit with a data breach. Despite the fact that this messaging program markets itself as secure and discreet, it didn't build fundamental data security into its program.
You can market yourself as "secure" all you want, but if you don't actually make a secure product, you can still be sued in an errors and omissions lawsuit. While you might have E&O Insurance, we can all agree that it's better never to have to use it.
To learn more about common IT lawsuits and how to prevent them, check out "How to Avoid Errors and Omissions Lawsuits."
A Better Way for Tech Startups: Cyber Security from Day One
When small businesses or tech startups make the mistake of putting off their cyber security, what they are really saying is "we won't worry about cyber liabilities until we're hacked." That approach exposes their businesses to more lawsuits and sets a lower bar for their software, devices, or services.
IT project managers and consultants should work with their clients to understand why cyber security is so important to the future of their business.
For more on this, also check out our blog post "How to Talk Cyber Security with Your Clients," where we discussed how to teach your clients about cyber security and how to handle communications after a data breach.
