Protecting your early-stage startup from cyber security risk - with Susie Jones

Q&A with Susie Jones, CEO and co-founder of Cynch, on empowering founders to protect themselves, their data and their IP
October 11, 2023
Katarina Throssell

All startup founders know that the risk of a cyber security breach is very real and very serious. However, when you're constantly juggling a hundred and one things, it can be easy to let these questions slip in favour of focus on product and team, or because you don't know where to start to take back control of these risks.

We recently sat down for a Q&A with Susie Jones, CEO and co-founder of Cynch Security, to find out how she thinks about cyber risk as both a security expert and as a founder herself. She's passionate about reducing the number of small businesses who fall prey to cyber attacks each year and is committed to empowering founders to protect themselves.

Check out Susie's helpful answers to the top questions we get about how, and when, startups should be thinking about safeguarding their data, systems and intellectual property below. 

Q: When is the right time to start thinking about cyber security? 

A: As soon as a founder has something that is worth anything – think intellectual property, product designs, customer data, or customer contracts – they should be giving cybersecurity some real attention. The earlier you put controls and processes in place to protect what matters most, the easier it will be to scale these protections as your startup grows. 

Q: Given the tight funding landscape we’re currently in, what are some cost-effective, practical ways that founders can bolster their cyber security? 

A: There are many free or very cheap controls that can be put in place that will make a material difference to your security. Things like having a policy in place to verify supplier bank details over the phone before sending payments, enforcing multi-factor authentication on every account, creating an incident response plan for the event you do fall victim... All of these things are free and quick to do. 

Q: What are the trends or scams you’ve seen directed at founders? How can founders prevent or handle these attacks? 

A: Now more than ever, cyber criminals are taking advantage of people and playing on our human vulnerabilities to trick us into doing what they want. Attacks often use social engineering to generate a sense of urgency, or are sent on Friday afternoons when we’re all a bit tired, so watch out for these. The best defence to these attacks is slowing down, and generally treating all communications with a sense of suspicion. 

Q: Some of our portfolio companies don’t deal directly with sensitive data – such as customer data. Do some businesses need to work about cyber security less than others? 

A: As long as your business has something of value, you have something to lose from cyber attacks. Cybersecurity is a business risk that affects everyone, even if it takes different forms for each business. 

Cyber attacks can be broadly classified into three areas of risk: 

  1. Confidentiality 
  2. Integrity
  3. Availability

Confidentiality risks are highest for startups with valuable data. Integrity risks are highest for those with heavy reliance on the accuracy of data or systems. Availability risks are likely highest for startups relying on constant access to systems of information – for example, ransomware events that can remove the availability of those systems. 

Q: Should VCs and other investors be thinking about a startup’s cyber security plan as part of their due diligence? 

A: Yes! Investors should consider cyber security risk in the same way they would evaluate how a startup manages any of their business risks. It’s an important area that should not be left out. 

Susie Jones is the CEO of Cynch Security - Cyber Fitness for Small Business, as well as a prominent speaker, mentor, director and advisor. As an experienced cybersecurity, risk, insurance and innovation leader, Susie is on a mission to reduce the number of small businesses who fall victim to cyber attacks here in Australia each year and is passionate about finding a way to help business leaders take back control of their risks. You can reach out to Susie via LinkedIn if you'd like to chat.

Further Reading

Read ALL