Poor Security Measures Make Startups Easy Hacking Targets

Security protocol seems to be a low priority for up-and-coming startups, which makes them an easy target for hackers.

AttackSocial media startups are full of energy and desperate to push their product to market. In this haste, basic security protocols are often overlooked. Snapchat has had many security flaws, and several Tor router projects were sunk by poor security. Because of this poor security, startups may have made themselves targets, according to The New York TimesBits blog.

Slack, a team communication platform, announced last week that it had been hacked during February, and the intrusion had lasted for about four days. A statement on the company blog reads:

Since the compromised system was first discovered, we have been working 24 hours per day to methodically examine, rebuild and test each component of our system to ensure that it is safe. We are collaborating with outside experts to cross-check assumptions and ensure that we are meticulous in our approach.

The blog also notes that the company will require all employees to terminate their sessions when done, and that two-factor authentication is on the way for users. This begs the question: Why was Slack not employing these practices from the start? Tripp Jones, a general partner at venture-capital firm August Capital, told Bits:

When a company reaches a certain size or notoriety, it’s going to get hacked. Unfortunately, until someone comes up with a better way, the battle has shifted to identification, containment and damage mitigation.

As startups seem to repeat the mistakes of their predecessors, it becomes clear that security only becomes a pressing concern once a serious problem presents itself. But even when a problem does present, the investment dollars don’t stop and the user bases continue to grow despite security concerns.

This indicates that companies — startups in particular — are not nearly serious enough about protecting the personally identifiable information of their users. 2014 was a terrible year for breaches, but it doesn’t appear that many lessons have been learned. Despite using encryption and likely doing their best to protect users, it doesn’t seem to be enough for Slack.

Cyberattacks are ever-increasing, and hackers are displaying increased sophistication. Indeed, startups can’t wait for a problem to occur before they take action. Ideally, proactive defensive security procedures need to be in place before a startup launches their product. Hackers will always go for the weakest systems first, and it seems like there are many of those in the startup world.

Image courtesy of Shutterstock.