5 tips to start today

In June I had the honour to act as chair at the IoTTechExpo in Amsterdam for the IoT Innovations and Privacy and Security track. It was a busy event organized around topics such as IoT, Artificial Intelligence and Blockchain. When chairing the day dedicated to cybersecurity in the area of IoT innovations I found it striking to see that still so few people in the audience are aware of the risk of cybercrime, especially related to the Internet of Things.
I recently published an article about the rising awareness of IoT security. People involved professionally with IoT should be aware of the security impact, was my assumption, also due to the media presence of the DDoS and ransomware attacks that received so much attention. How wrong could I be? A representative in the audience of an IoT start-up asked a question which touched me: ‘I am aware of the security risks and have taken all kinds of measures, still I am unsure what I can do to protect my start-up against state actors (hackers)?’ The drive in his approach, but also the uncertainty whether he did the right thing, moved me to write this blog about my personal top 5 tips for a start-up to implement as security measures immediately.
Reaching a security level of 100% is not possible, and it is also not a clever thing to aim for from a cost perspective. I think it should absolutely be clear that it’s almost impossible to protect your start-up with limited means against state actors. And this should also not be your first priority. Focus on the basics first. A well-known principle among security professionals is that a security plan should be top down and cost effective. This means it should be related to the business goals first, and there should be a solid business case. For start-ups this is a tricky thing, as the revenues are still small and the team focuses on the product or service first. Can security then be overlooked? No, absolutely not, but I do understand the need to prioritize. Getting the basics in security right should keep you in business. As the most common mistakes make you the most vulnerable, fixing them should be reasonable for every start-up.
My personal top 5 recommendations:
- The start of every security plan should be a risk analysis. Define your crown jewels: what is the core of your business model? Is it a sophisticated algorithm, intellectual property or proprietary software, to name just a few? What kind of personal data of your customers do you gather, how do you use it and what kind of protection is needed? What are the most obvious risk scenarios? Based on this you have a starting point for defining the security controls to put in place.
- Define a set of basic defences for your infrastructure. Do you make use of off-the-shelf software or do you build your own web or customer-facing applications? Make sure websites and web applications are protected against script kiddies, cross-site scripting attacks and SQL injection, as these are part of the OWASP Top 10. If you are unsure of the level of protection, contact an independent security professional to perform a check or have ethical hackers perform a penetration test; this feedback will help you to improve the security of your start-up.
- Most start-ups use popular software tools such as Slack, Google, Salesforce, Microsoft and Trello, just to name a few. Make sure two-factor authentication is switched on to increase the level of protection when users log on to the apps you use. Identity management is important to look at: who is authorized to do what? I can imagine that in a small team it’s easily overlooked, but don’t underestimate the impact when you cannot trace security events back to an individual. So do evaluate and reconsider the way you hand out credentials to your staff on a periodic basis, and especially when your start-up grows it makes sense to look again at the division of roles and responsibilities.
- Practise a calamity, a cyber incident … what can go wrong will go wrong at an unforeseen moment. Do you know what to do, who is in charge in case of a crisis, and is there a template telling your team what to do? Do you have an incident response plan? This can come in very handy, if not to say life-saving, for your start-up. In case of an emergency it can all become quite emotional and nasty.
- Train staff in security awareness, as the human factor is the most important. Phishing attacks happen all the time and malware is all around us. Up-to-date antivirus and patched workstations are important, but more important is a team of professionals that uses its common sense and reaches out to colleagues to warn them about striking events.
There is much more to tell about cyber security and setting up the defence, but the main thing is to be aware of the risks and get a sound understanding of what you could do to protect your business. Cyber security is considered to be complex and costly, and that’s understandable … information security is a technical field of expertise and risk prevention is not on most people’s priority list. Unknown makes unloved. Do not hesitate to consult an expert to help you out, or to reach out to your peers in the industry for help.
The best thing to do in life is be prepared and think one step ahead.
I do not have the illusion of delivering a comprehensive plan for the security of a start-up. This is only a recommendation. I would like to hear general tips, comments and reactions.
#startup #disruption #cybersecurity #IoT #InternetOfThings #security #InformationSecurity
