Jason Lemkin answers his own questions
Have you ever assessed cyber risk before doing a due diligence?
1. Data management risks
Before the actual due diligence check, experts have to carry out a sourcing and structuring process in which the most important documents are selected and filtered. A data room shouldn't contain all of the company's records - excessive information doesn't make sense because it drives stakeholders crazy and increases costs for the seller. When choosing the most valuable data, it is important to consider where the most relevant information comes from and where it is kept in order to capture potential cyber threats.
2. Technical Risks
If data is stored in an Internet environment, an IT audit must be carried out in which the security of the software and applications can be measured. Data encryption and all other systems used for data security should be carefully analyzed.
3. Risks from the company
Companies share their data with third parties and contractors. Who has access to this data? Which channels does the data pass through? Any outside organization that has information about the company must be secure enough to prevent data leakage.
4. Employee risks
How many employees in a company have access to valuable information? Could the number be reduced? This is likely because it is usually not necessary for so many people to have insight into the most important company information. An audit with a view to reducing the number would be advisable, also because employees - as we described in one of our last posts - are still the largest source of data leaks.
5. Past experiences
Has there already been a data breach in the company? If so, when and through which channels? Companies should record such incidents in order to take preventive measures against data breaches of all kinds.
Small businesses run bigger risks
Not only large companies are exposed to risks, but small start-ups in particular are easy targets for cyber criminals because they have smaller data security departments. Many of these companies may not even be able to see the real risks looming over them, or even spot attacks that are already affecting their networks. Therefore, the cyber risk vocabulary and potential sources of attack must be defined before carrying out your own assessment.
As Jason Lemkin, founder of SaaStr, writes:
“Your first security audit is inevitable. Don't roll your eyes. Don't shrug your shoulders. Don't let your team postpone it. Here's the trick, the twist - it's a gift. A detailed, written security audit. Because that is your roadmap into your necessary and better future. The first of these audits will be 20 pages and hundreds of questions. You will fail with many of them, while others will only pass with woe. That's not OK, but that's the way it is. If there are 200 questions and you can only answer 20 of them with a clear “yes”, use the remaining 180 as part of your product roadmap towards a better future ”.
At this stage, the best option might be to hire a CSO - Chief Security Officer.
Countless advantages speak in favor of being on the cyber-safe side. If you buy a company with a security problem, you buy the problem too!
- What causes cloudy weather
- Rabbits can be effectively potty trained
- Where can I find scrap iron
- Is contact farming better than home farming
- What were the main achievements of Duke Kahanamokus
- What nutrients are in mushrooms
- How does society create role models
- What's your favorite book for 2019
- All private insurance companies are scams
- How do cell phone towers work
- Why should I support Ohio State Football?
- Why are some blankets called Afghans
- How do I switch to Google Fi
- People wear t-shirts under henleys
- In which mineral is lead?
- Vloggers are allowed to vlog in stores
- How do nematodes and annelids differ from phyla
- Are sesame seeds beneficial after a workout
- When is an INTJ not open?
- Concerns you a conservative parent
- How can you get in touch with strangers
- Loud noises cause brain damage
- Is the Dutch king legally immune to international law
- How can I stop humiliating myself