A Security Checklist for your Startup

By Greg Keller Posted August 29, 2016

Online network security is a major issue for any IT organization. In fact, it is a major issue for just about every corporation on the planet.

The Internet has become an essential part of doing business regardless of industry type. But it also introduces a gateway for threats.Therefore, every IT organization needs to understand how to protect itself. Hackers no longer distinguish between small and large companies. In fact, a small company could still be a conduit to significant digital assets. Those assets don’t necessarily need to be banking information. Many state-sponsored hacking rings are after intellectual property – a significant asset for many startups. As a result, every startup must have comprehensive security strategy.

Startups are short on time and money. They usually don’t have the same resources as larger organizations. They are also sometimes lacking security experience. These challenges make it all the more critical that startups have a focused strategy that dramatically increases their security while reducing the likelihood of a breach. A startup can make a huge impact on their security without breaking the bank by making smart decisions. Below, you will find ways to increase your startup’s security.

A Security Checklist For Your Startup

Controlling User Access

One of the most critical parts of any security network security strategy is to control user access to the IT resources within your infrastructure. This includes devices, applications, and the network. Provisioning, deprovisioning, and modifying user access is a painful process for most IT organizations. All too often, organizations end up creating mini-directories rather than creating a central directory service that integrates with everything in the infrastructure. For a cloud-based directory services option, take a look at the Directory-as-a-Service® platform from Jumpcloud®.

Securing Devices

It’s critical to patch devices, set configs and secure systems, and constantly monitor those devices. This is true for laptops, desktops, mobile devices, and servers. They need to be up-to-date and secured at all times. For device management help, check out Automox.

Locking Down The Network

WiFi is the most common mode of network infrastructure in modern organizations. But there is a problem with WiFi: it is more easily hacked than a wired network. By definition, a wireless signal is available to more people than a wired connection. Today’s SSID and passphrase approach is not enough. WiFi access needs to be connected to the core directory service via RADIUS to create unique access. The passphrase to the WiFi network will no longer be enough; you need to have an account on the network.

Encrypting Critical Data


You must encrypt all of your core data, whether it is at rest or in flight. That means understanding where critical data is stored and adding encryption. Most often, critical data is stored in databases, making it crucial to ensure data encryption within those databases. What about data in transit? Use secure tunnels to move data. There are any number of solutions to choose from in this space, but this section will require a bit more work than the others.

Train Your Staff

Perhaps the weakest link in your network security strategy will be your staff. They will take shortcuts or not realize that they are making a security mistake. A little training can go a long way toward minimizing user-induced issues. If you don’t have the time to train them yourself, feel free to send them our webinar that addresses a number of security issues. They will definitely learn something new and, hopefully, change some behaviors.

Startups Take Aim At Security

As a startup, not having enough time or money to secure your business is not an excuse. The hackers are attacking everybody, and they are searching for easy targets. Taking a few of the steps outlined in our security checklist will be well worth the time. If you follow these steps to protect your startup, hackers will move on to another target.

If you would like to learn more about how JumpCloud’s Directory-as-a-Service platform can support your security program, drop us a note. Identity management security is one of the most important items on the security checklist for you to address.

Greg Keller

Greg is JumpCloud's Chief Product Officer, overseeing the product management team, product vision and go-to-market execution for the company's Directory-as-a-Service offering. The SaaS-based platform re-imagines Active Directory and LDAP for the cloud era, securely connecting and managing employees, their devices and IT applications.

Recent Posts