Freshly launched startups often don’t have the funding for a fully formed security team, but a data breach or a privacy overreach can be deadly for a new company. That’s why Facebook security engineer Benjamin Strahs is joining TechCrunch at our D.C. meetup and pitch-off this week: He’ll offer advice to founders about how to bootstrap a secure culture at their companies.
Facebook is a social media company, not a security firm — but, considering the wealth of personal data it holds, security has to be a consideration for everything Facebook does. Facebook has over the past few years rolled out encrypted messaging, secure browsing and new account authentication and recovery methods to make sure users’ data stays safe.
Facebook also routinely tests its own systems for vulnerabilities and invites the public to do the same through its bug bounty program.
But smaller companies don’t always have the financial or engineering resources for new privacy features and security programs — which is why Strahs encourages founders to use open-source frameworks and centralize their risk so they can address it more easily.
Strahs has led education initiatives for his non-technical co-workers, teaching them how to recognize phishing schemes and other suspicious behavior. It’s not just about securing your infrastructure — you have to make sure your employees understand how to keep themselves secure and how to protect user data.