We already wrote about putting you on the [fast track to entrepreneurism]. There are incredible numbers around entrepreneurs making their way into the country. This is especially true in The Golden State. There is another thing that is true. Whether you’re just starting your business or a leader in an established organization, you have to deal with risk.
The ability to mitigate risk in your organization’s infancy is necessary for success. Entrepreneurs juggle the requirements of trying to reduce the impact on taxes. They follow a list of mandatory regulations longer than a CVS receipt. All while trying to find new business and actually deliver what they sell.
Ever-Changing Risks with Internet Businesses
Let’s consider some of the ever-changing risks of doing business with the internet. You can start to understand how data leaks and account compromises happen. Most of us don’t have the luxury of having a Chief Information Security Officer (CISO) the way fortune 500 companies do.
How should you make sure your company can survive the ups and downs that are part of doing business?
Make a Business Continuity Plan
Sounds like work, right? What exactly is a continuity plan? Well, it’s a simple concept. A continuity plan is a preparedness and response plan to account for anything that might cause your business to come to a screeching halt. This includes everything from planning for taxes to IT-based disaster recovery. You want to know what to do when your card payment system fails.
Be prepared to work anywhere and at times that are best for you.
Pretty imposing for sure. The best part of a continuity plan is that you don’t have to sit down and map it all out in advance. Sure, there are some things that you need to be ready for… like keeping the lights on. Everything else can be added to the plan as you identify potential risk.
This is such a broad topic. Let’s dive into what you should be doing to put your company in a position to reduce risk when it comes to IT.
Future Proof Technology
We’re going to focus on a few strategies to help make sure your company is in a good place with the future in mind. The best way to secure your future? Make sure you actually survive to see that day. Your company will need to use technology for accomplishing your day to day work. Accounts payable, customer relationship management, and human relations will also use technology. The public cloud plays a significant role in each of these.
Securing Your Cloud Accounts
We won’t get too far into the nuts and bolts of things. But with any cloud service provider it’s important to secure the account you’re using. Your identity needs to be secure. The first step: enable multi-factor authentication for that account.
Multi-factor authentication requires entering a password plus having a second factor to help ensure you are the owner of the account being logged into.
The second step: Use the same account for each of your public clouds. That’s not to say the same account name and password, but literally the same account to sign into everything.
Sounds like putting your eggs in one basket, right? Well, that’s kind of true. It also means you only have one place to maintain security. This way, you will know when your accounts might be in the hands of a crafty Nigerian prince (for those of you too young to remember).
Ok, but how do we make the same account work for Amazon, Microsoft, Google, and DropBox? Companies like Microsoft, Amazon, OKTA, and Ping all provide a service called “identity management.”
You use their service to manage the account that works across the board in your organization. From there, it’s just a couple of short clicks to enable multi-factor authentication (MFA) for everyone. Why such an emphasis on MFA? Because it can prevent 99.9% of all attacks on your accounts. Your company is far less likely to suffer a catastrophic data breach.
What does that even mean? I can’t really keep my workloads in multiple places at once, right? The whole point of being multi-cloud is to ensure you’re not relying too heavily in one single place for everything. Sure, Microsoft has Office 365 for all kinds of awesome collaboration technology. They’ve also got Azure for a more traditional cloud to host web sites, machines, or apps. But should you put everything up there blindly? Probably not.
When you partner with a cloud service and trust them with your data, they immediately gain leverage over your organization. However, if you were to have relationships with one provider for collaboration, another for cloud compute (IaaS), and another for customer relationship management (CRM), it affords your organization a level of flexibility. You have the ability to negotiate with multiple vendors for the offer that fits you best! Avoid vendor lock-in.
Splitting your workloads into multiple clouds means that you’re not susceptible when an incident impacts a single cloud. Avoid having a single cloud hosting everything. Sure, they all offer incredible availability and support, but it’s your responsibility to make sure your business will survive. Why leave it up to them?
Splitting your workloads across multiple clouds provides another layer of protection.
This is likely the most important aspect of risk management: making sure you’re future proof. As the person responsible for the long term success of your company, understand and plan for the loss of key parts of your business process.
How will it impact it your business? What’s the business impact of your salespeople not being able to access email remotely for a period of time? Is that impact worth it to make major investments in ensuring availability? That’s an easy one. Now extend that same chain of thought to each of your processes (support, accounts payable, sales, marketing).
Design a Cybersecurity that fits your business. Is it too much or not enough?
In addition to process, what’s the impact of a data breach or critical data loss? Likely catastrophic in most cases. That impact is exactly why we place such a focus on securing identity. We also want to make sure that we’re securing your data. Aside from the reputation damage of data loss, or your customers’ data hitting the internet, what’s the immediate financial impact due to fines or litigation for mismanaging that data. Does that justify investing in cyber insurance?
Take action. There are some things that you need to identify as risks right away. Make a plan to ensure that it doesn’t cripple your business. Things like accounts payable need protection. Map accountabilities. Who calls the power company when the lights go off. Who contacts American Express when your card payment system is unavailable. It’s important to address the challenges associated with building a solid foundation for repeated growth. For more tips on quickly scaling your business, click here.
It sounds scary, but as you continue to grow as a company it only increases risk. You become a target. You rely on more partners or third parties. You and your company become more accountable for failures. Make sure that you take the necessary steps to make sure that you keep the future in mind for your business!