Why start-ups must step up on data security
There is so much fun and sexy stuff that goes into building a start-up: hiring smart people, chasing funding, developing an exciting marketing plan, going to and hosting events, buying groovy furniture for your funky office in London’s Shoreditch or Berlin’s Friedrichshain. But however disruptive and exciting your venture, there is one area founders and young, fired-up entrepreneurs tend to forget about: compliance.
Compliance sounds like something for the grown-ups rather than the cool kids to worry about. It is a dull word and a complex subject — and one that can get you into serious trouble if you do not have as tight a grip on data protection and software licensing as you do on choosing the football table for that office.
Data protection and hacking is perhaps the scariest aspect of all this. It sometimes feels like a day never goes by without another big data breach hitting the headlines. There have been some huge breaches this year alone: Dropbox revealed in September that the login details of 68m users had been compromised in a hack that happened in 2012. In the same month, Yahoo told the world that some half a billion users’ details had been hacked and exposed. When the focus is on large companies such as Dropbox or Yahoo, it might be tempting for the founder of a start-up to think that the complexities of data protection, security infrastructure and risk management are not something she or he needs to be concerned about. Rune Syversen, co-founder of Crayon, the software licensing company, says small companies tend not to think about the necessities of compliance “until it’s too late”. He points out, however, that the complexity of compliance tends to increase the longer a company is in business, so it is wise to build it in from the start rather than to add it as a bolt-on later. Syversen is talking specifically about software asset management — keeping tabs on what software is being used in your organisation, how that is licensed and whether the licences are up to date. But the same concerns apply equally to data security.