The document discusses essential security measures for startups, emphasizing the importance of proactive security and compliance to protect corporate data from insider threats and breaches. Key recommendations include hiring security experts, encrypting communications, and creating a culture of security awareness among employees. The author also urges better practices in investigations and application designs to prevent security issues.

1. Expecting Security From the Start(up)
Andrew Case / @attrc
Volexity
NOEW | March 2016

2. Enterprise Data Needs
 Insider threat & breach investigations
 Discovery & other legal processes
 Migration & backup

3. Protecting Customers & Yourself
 Monitoring & logging of all backend activities
 Data segregation
 Written policies for data retention

4. Hire Security Help!

5. Benefits of a Security/Forensics Adviser
 Find security weaknesses early
 Compliance with industry-specific regulations
 Avoid security snake oil
 Credibility to your security program

6. Secure Your Corporate Data!
 Encrypt every internal email
 Use secure messaging & voice applications between employees
 Harden employees’ systems (software and hardware)
 Employ compartmentalization of corporate data
 Enforce 2FA *everywhere*

7.  Encourage learning of security topics
 Encourage security conference participation
 Reward secure coding and design
Encourage Security Learning

8.  Startups – please stop burning clients during investigations!
 Security architects – don’t put badly designed applications into
production!
 Bring in security/forensics help where appropriate
 Build a culture of security in your company
Conclusions

9. Comments/Questions?
 Contact:
 acase@volexity.com (3DE6E0C8)
 @attrc
 http://www.dfir.org