Business strategy

Why startups are cruising for a bruising if they ignore privacy and security

- November 21, 2022 3 MIN READ
horse, fall, crash
Photo: AdobeStock
The spate of global and local data leaks – privacy breaches that affected millions of Australian consumers and thousands of Australian businesses – have much to teach the corporate world: that business growth should not come at the expense of customer privacy.

These incidents tend to occur because many companies operate business models that collect, manipulate and sell customer data, especially as online and digital are deeply embedded into our lives today.

It is common to pay for products, services and subscriptions with money. For those that are ‘free’ – such as with many of the apps available today – consumers fail to realise that they are in actual fact paying either with their personal data or with someone else’s data. These two options are popular with ad companies and ad-based business models.

It begs the question: is data more valuable than money?

Marketers use data to address the growing demand from customers for more personalised and targeted experiences.

The exchange of real money for customer data is treated as an investment, in the hopes that this will unlock more revenue over a longer period than a customer with no online footprint.

While data can be retained ethically, the lack of regulations and unclear business models for protecting privacy means that some companies are collecting user data without their explicit permission.


Privacy as the core of business strategy

With data driving many business strategies, privacy and security should not be placed on the backburner. Privacy and security should be fundamental focuses, and for the businesses that do this, the risk of being exposed to cyber crime reduces.

The risks are growing.

The Australian Cyber Security Commission (ACSC) received one report of a cyber attack every eight minutes in the 2020-21 financial year.

Not only are they growing in regularity, they’re growing in severity, with a higher proportion of these incidents categorised as ‘substantial’ in impact. Think about that for a second. If an attack happens to your business in the next eight minutes, are you prepared?

Zoho research found that only 35% of Australian small businesses have a defined, documented, and enforced policy regarding personal data collected, used, and disclosed through their business. And almost half, meanwhile, are either ‘uncomfortable or very uncomfortable’ with their customers’ data being used by companies with which they had no direct relationship.

It is easy for small businesses and start-ups to overlook data privacy due to the lack of understanding. This, coupled with the misconception that cyber attacks only affect larger organisations, fewer resources and processes that aren’t protected or optimised, and suddenly small businesses and start-ups are at the forefront of these damaging threats.

While small businesses and start-ups cannot be expected to become data privacy and security experts overnight, they can start by taking concrete action to safeguard their business. That means investing in strong IT security tools, creating a privacy policy, implementing a strategy for emerging threats, and putting in place education programs for employees.


Recognising a cyber threat

Australia is a nation of entrepreneurs and small businesses who by now are heavily reliant on digital channels. This, though, makes the country’s vulnerability to growing cyber threats higher as cyber criminals adopt new techniques to take advantage of the booming digital activity. However, if we can prioritise awareness, education and action, we can help small businesses and start-ups reduce their risk.

Many small businesses and start-ups often do not realise they have been targeted until it is too late. One breach, and the financial and reputational damage it causes, can be enough to end a business. However, data security measures can help protect small businesses and reduce the likelihood of their data being compromised. Security and access management should not be limited to big corporations.

Like the breaches that hit Medibank, Telstra and Optus, cyber attacks come in many different forms such as ransomware, phishing, malware and online scams. While varied, these attacks have a common malicious intent: to disrupt business operations by damaging or stealing data. Policy makers have a responsibility to prioritise awareness and education of these threats, whilst the technology industry has an obligation to create software that has privacy built in as a core foundation, not an afterthought. Then, there’s the obligation on small businesses and start-ups themselves.


A shared responsibility

Data is often assumed to be safer offline, in on-premise servers and hard to access paper systems. This is not true and presents more risks.

Businesses can improve data security by integrating cloud security solutions. While some of the recent breaches were a result of misconfigured cloud servers, when navigated correctly, the cloud can be a powerful tool that helps ensure that only authorised personnel have access to the data the business acquired.

Every piece of cloud software has multiple layers, and each of these layers are secured to maintain data integrity.

Understanding how the cloud works and taking preventative measures to protect your data integrity is critical for benefiting from technology and building resilience for the future. Start small—like implementing data authentication method, enabling multi-factor-authentication, and setting permissions for data access.

Ask the vendors questions, train employees on best cloud practices, and make sure there is a high level of understanding on the data journey. The more unique and time-bound your authentication modes, the stronger your security system that customers can benefit from.


2024 Startup Daily Best in Tech Awards - nominations open