Many companies in RebelBio’s cohort rely on their intellectual property. It can be the key to the product’s success. This intellectual property is often stored offline, on personal computers, but when the need arises to send intellectual property or important company documents, questions of data security and encryption arise as well. This is not just a biotechnology startup problem, however; every company encounters these difficulties. Recently the WannaCry ransomware attacked Britain’s National Health Service and some of the largest companies in Spain. Unless the data has been backed up beforehand, there is no way to restore it, because when ransomware like this attacks, the data on the computer must be wiped. With many other priorities stealing startups’ attention, and an overwhelming number of resources and tools on the market, how does a startup navigate the confusing world of data security?
Insight from RebelBio
Michael Lukesch, CEO of Valanx Biotech (Cohort 4) says, “Don’t use the cloud. Period. Dropbox had a massive security breach where all data was visible for 20 minutes. That would waive any patentability for data. We are using our own private encrypted storage system for patent sensitive data.”
Bill Liao, Founder of RebelBio and SOSV investment partner, recommends that companies turn on two-step authentication everywhere, set up a Google Voice account as a proxy mobile provider to receive authentications, and use long passphrases instead of single passwords.
Cohort 3 company Helixworks has an entirely different approach from most other people and companies: they are using DNA to store digital data. As their website specifies, in contrast to the current standard of data storage, DNA can store 100 million gigabytes per square inch, lasts at least 175 years, and has an access time of 500 minutes. So, when contemplating and creating your company’s next business plan, consider Helixworks’ MoSS (Molecular Storage System).
A 5-step plan for starting your data security plan:
- Have a separate plan and understanding for data “at rest” and data “in motion”. “At rest” and “in motion” data make up most of the data companies handle regularly and are fairly easy to tell apart. “At rest” data is data stored on a hard drive, mobile device, or server. In contrast, “in motion” data can be accessed from multiple sources; it includes data sent via email, used in mobile applications, or found in browsers.
- Decide what needs to be encrypted. What emails are most sensitive? What documents should be accessible? This is an important step to take when defining a new security plan for any company. Thinking strategically about the data plan makes it easier to decide whether to use file-level or full-disk encryption. This brings up an important point: the world of data security comes with its own vocabulary. File-level encryption means choosing specific files to encrypt, while full-disk encryption means encrypting all data on a system or server.
- Now that we have an understanding of data and have decided what should be encrypted, how is the file or “in motion” data actually encrypted? Intel AES-NI technology and UEFI are strong options for “at rest” data encryption solutions. On the other hand, for data “in motion” it is possible to take a document encrypted at the file level and send it in that encrypted form, so that it stays protected while “in motion”.
- Data copies are everywhere. If the company’s data is highly secretive, make sure to be aware of all copies in existence, so remember data backup files and the capacity of the USB drives currently in use.
- The entire plan needs to be written and enforced. In order to be successful, everyone, even a team of two, needs to be clear on data security rules. If the right file is unencrypted, twenty encrypted files do not matter.
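The following Python example is added here and is not part of the original article. It illustrates the last two steps by using SHA-256 to inventory byte-identical, and therefore unencrypted, copies of a sensitive file across backup and USB locations; the folder names, file names and contents are constructed for the demonstration.

```python
import hashlib
import os
import tempfile

def sha256_of(path, chunk=1 << 20):
    """Stream a file through SHA-256 so large files are not read into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def find_plaintext_copies(sensitive_files, search_roots):
    """Map each sensitive file to every byte-identical copy under search_roots.
    An encrypted copy has different bytes, so every hit is an unencrypted duplicate."""
    wanted = {sha256_of(p): os.path.realpath(p) for p in sensitive_files}
    sizes = {os.path.getsize(p) for p in sensitive_files}
    copies = {original: [] for original in wanted.values()}
    for root in search_roots:
        for folder, _dirs, names in os.walk(root):
            for name in names:
                candidate = os.path.join(folder, name)
                try:
                    if os.path.getsize(candidate) not in sizes:
                        continue  # cheap size filter before hashing
                    original = wanted.get(sha256_of(candidate))
                except OSError:
                    continue  # unreadable or vanished file
                if original and os.path.realpath(candidate) != original:
                    copies[original].append(candidate)
    return copies

def demo():
    """Constructed sample tree: a laptop folder, a backup folder and a USB stick."""
    note = b"constructed sample: patent-sensitive assay notes\n"
    with tempfile.TemporaryDirectory() as base:
        files = {"laptop/assay.txt": note,          # the original
                 "backup/2017/assay_old.txt": note,  # forgotten plaintext copy
                 "usb/assay.txt.enc": os.urandom(len(note))}  # stands in for ciphertext
        for rel, data in files.items():
            path = os.path.join(base, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as handle:
                handle.write(data)
        secret = os.path.join(base, "laptop/assay.txt")
        found = find_plaintext_copies([secret], [base])
        return [os.path.relpath(c, base) for c in found[os.path.realpath(secret)]]

if __name__ == "__main__":
    print(demo())
```

Run against real locations, `find_plaintext_copies` takes the list of files the plan marks as sensitive and the mount points of backups and removable drives; any path it returns is a copy the plan still has to encrypt or delete.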
Other Helpful Resources
- Forsythe’s Outline of 7 Key Elements of a Successful Encryption Strategy
- More Encryption Basics
- Useful Presentation of Deployment Strategies
- Sample Encryption Guideline from Kaspersky Lab
- The Future of Using Microchips for Unlocking Data from BioNyfiken
The Importance of Implementation
The above is a bare-bones plan, but it will get any start-up started (pun intended) on knowing how to protect its data and key information. Just remember, in order to keep the biology rebels protected from the data hackers: know the data, make the plan, and enforce it.