Running a start-up enterprise and planning on investing in cybersecurity and wary of the costs it would entail?

Don’t be discouraged. Cybersecurity need not be all that expensive.

There was once a licensed Math teacher who became a tech journalist and then an editor for a newspaper subsidiary, where he was promoted to Managing Editor in six months. When the subsidiary folded, he started and ran his own company, an online publication.       

Already having the knowledge at his disposal from his experience as a tech journalist, he ran his website with a minimal budget on cybersecurity measures, concentrating on the basics such as password security when having his team develop articles on WordPress.

Not all of us have the tech savvy to immediately be able to plan and budget for the cybersecurity infrastructure that meet a start-up enterprise’s requirements, but here are some steps that we can take to arrive at that objective:

1. Consult a cybersecurity professional. It would not do to just purchase all those impressive hardware that may be on sale over the internet: external hard drives and encrypted USB drives. You do not put the cart before the horse by spending first and then having the goods installed afterwards.

Camille Erika Sarte, the owner of, wanted to “legitimize the online side of the pet industry.” They do not sell pets, just a variety of pet products. There was a time when the company temporarily closed its dog section. Ironically, it was during that time that their cat section found a reliable market. Now, their dog section is open again.

Relying on income from pet products, what did she spend on cybersecurity She hired a Data Protection Officer in their office. Petwarehouse does not actually keep credit card info — these are all encrypted by a third party payment portal.  What it does keep is a database with the names, contact numbers, and delivery addresses customers provide when they order. To make sure financial data is secure, the company does not maintain its own payment portal, but partner with big payment portals like PayPal, for which the cost is minimal.

2. Start with the basics that would cost you nothing or next to nothing such as password security (using a strong password or making use of a password manager, and obtaining an SSL Certificate).

Having a strong password, and regularly changing passwords, is a very basic precaution. Why should you put an easily guessed password like “accounting” when the password possibilities are nearly limitless? If you are too busy to think of a strong password, and changing it regularly, do it automatically with a password manager.  

If you plan on running a website, you need to be aware that SSL is an acronym for Secure Sockets Layer. Look for the “https://” in the address bar. When it’s not there, then that site has no SSL Certificate, which does not necessarily mean that the site is unsafe, but according to Google, two-thirds of the internet was unsafe in 2017. Better safe than sorry.  

Both a password manager and an SSL Certificate can be obtained for free – at least initially. Antivirus software can also be installed for free.

3. Use tools such as Google analytics, Network Security Architecture Review (NSAR) and penetration tests to determine the weaknesses of your system and act accordingly on obtaining the needed cybersecurity measures to address them.

NSAR, as its name implies, determines where weakness in your system configuration lies, while pen tests let you know where you can likely be hit from various points of entry: from human error, as well as on the software/hardware side. Google analytics may be something you have heard of in connection to the number of hits (meaning how many people it reached) that an article may have accumulated but like NSAR and pen tests, analytics is just a way of gathering data, studying it, then making the proper adjustment.

If the data points to some of your employees being susceptible to e-mail scams, such as phishing or trying to get credit card details, then do what Ms. Sarte did in step 1.

4. Read more about cybersecurity. Robert de Niro, as a villain in the movie “The Bag Man”, reprimanded John Cusack in one scene, saying: “You would really derive great benefit from reading.” The same holds true for cybersecurity.