Small and medium businesses should shore up their defenses as allegations of rampant spying and massive security breaches cast a pall of doubt on the safety of the Internet. Here’s some advice to help SMBs cope with growing risks and keep expenses under control.
Studies show that data security can be a crucial issue of customer/client trust. In the wake of the Snowden NSA leaks, SMBs are at greater risk than huge corporations, as they have limited money for cyber-security.
From netbooks to smartphones and picture-playing devices, employees become more and more tech-savvy and bring a wide variety of Internet-connected devices to the office. To increase efficiency and mobility, they commonly access corporate data and networks on the go, while chatting with friends, posting social media messages, listening to music and sharing pictures online.
Besides advanced persistent threats and DDoS attacks, improper BYOD measures are the weak links that can take a company offline both in terms of reputation, and profit. This is why SMBs should establish a clear BYOD policy for email, internet and mobile devices.
In April 2013, the US Army made headlines after 14,000 mobile devices belonging to its staff were given access to critical data without having management software or remote wipe functions in case they were lost or stolen.
Another worrying study showed that security pros are still grappling with lax password policies. The Lieberman Software's "2014 Information Security Survey" published at the end of May revealed that 13 per cent of respondents can still access systems at a previous place of employment by using old credentials. What was even more disturbing was that some even accessed the systems of two or more former colleagues.
This is not the first time when SMBs proved guilty of using the same password for multiple accounts. If companies continue this dangerous “trend”, attackers will keep on gaining access to all systems, once they are in.
As the high frequency of data breaches is expected to continue, here are several more tips to maximize SMB security while controlling expenses.
Perform an initial security audit. Focus less on existing holes and more on defining the likely threats.
Strengthen employee security and loyalty. The insider threat is the greatest, proportionally, followed closely by social engineering. Hire qualified professionals to train staff in good security practices and consider employee background checks.
Consolidate your assets and simplify your management by switching to virtualization, either in the cloud or on-premise.
Check provider credentials and contracts when using cloud services and carry out regular security updates on all software and devices.
Install a security management solution to consolidate control for virtualized, physical, and mobile endpoints. Remember to add firewall protections, too. Securing all devices will also increase malware awareness, making employees more conscious of online dangers, even when they navigate on the Internet at home.
Carry out regular security updates on all software and devices and implement a password policy that everybody respects (minimum eight characters, unique and complex, regularly changed).
Secure your wireless network and establish a clear security policy for email, internet and mobile devices.
Train staff in good security practices considering the present and future BYOD trends. Most attacks start with a single person that opened the wrong e-mail attachment.
Try to implement authentication and pattern-based security setups such as those used for Android lock screens. One-time password setups and key fob token generators can help you authorize transactions and offer security for very little inconvenience.
Don’t forget the danger of direct, unwanted access to confidential data. In this case, biometrics may prove a secure method to prevent hackers’ physical access to the cloud and the systems.
All companies are placed in a difficult position when giving access to corporate data, but small and medium businesses are especially vulnerable to data breaches and cyber-attacks. While they need to share more and more information to develop their business, they also have to restrict and personalize access to sensitive data, addressing ever-evolving BYOD trends.
To prevent and block hacking attacks, all things need to be ultra-secured and even non-technical employees should know how to shore up defenses.