If you run a small or medium-sized business (SMB) and think your company is too small to be targeted by cybercriminals, think again.
According to Symantec’s 2013 Internet Security Threat Report, 50 per cent of all targeted attacks were aimed at businesses with fewer than 2,500 employees. In fact, the largest growth area for targeted attacks was businesses with fewer than 250 employees.
With limited or no IT resources, how can SMBs better protect themselves against cyber threats? Here’s what you need to know:
Know what information you have
This may seem like a no-brainer, but with so much data and information being created by organisations each day, it’s important to take stock of what you have, such as customer records, employee data and work plans, so you can better protect those assets. For example, confidential financial data should only be available to those who need it. Then, secure it using a log-in system that tells you who downloaded the data and when.
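A minimal sketch of such a log-in system, added here as an illustration and not taken from the original article: a need-to-know list decides who may fetch a file, and every attempt is recorded with who, what and when. The file names, user names and the `AuditedStore` class are constructed for the example.

```python
import json
from datetime import datetime, timezone

# Constructed sample data: which staff need which confidential files.
NEED_TO_KNOW = {
    "finance/q3-ledger.xlsx": {"alice", "cfo"},
    "hr/payroll.csv": {"hr-lead"},
}

class AuditedStore:
    """Hands out files only to listed users and records every attempt."""

    def __init__(self, acl, clock=lambda: datetime.now(timezone.utc)):
        self.acl = acl
        self.clock = clock   # injectable so timestamps can be tested
        self.log = []        # in practice: an append-only file or log server

    def download(self, user, path):
        # Files with no entry in the list are denied to everyone by default.
        allowed = user in self.acl.get(path, set())
        self.log.append({
            "when": self.clock().isoformat(),
            "who": user,
            "what": path,
            "result": "granted" if allowed else "denied",
        })
        if not allowed:
            raise PermissionError(f"{user} may not download {path}")
        return f"<contents of {path}>"  # placeholder for the real file read

    def who_downloaded(self, path):
        """Answer 'who downloaded this, and when?' from the log."""
        return [(e["who"], e["when"]) for e in self.log
                if e["what"] == path and e["result"] == "granted"]

    def denied_attempts(self):
        """Denied requests deserve review: honest mistakes or snooping."""
        return [e for e in self.log if e["result"] == "denied"]

    def export(self):
        # One JSON object per line keeps the log easy to search later.
        return "\n".join(json.dumps(e) for e in self.log)
```

Recording denied attempts as well as successful downloads matters: repeated denials for the same file are often the first sign that someone is looking where they should not.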
Secure your devices
Sensitive information may be shared across multiple devices in your company. Knowing how information is being circulated will help you decide the best way to secure your devices and applications. In general, IT security software should be installed on all devices. Better still, encrypt all hard drives to protect your data even if your devices fall into the wrong hands. Both Windows and Mac OS X support full hard disk encryption. You may also want to create an inventory of hardware and software on your corporate network, and detect possible vulnerabilities using a tool such as Nessus Vulnerability Scanner.
Train staff on security principles
Employees are often the weakest link in IT security. They may unknowingly click on fraudulent links and install malware on their PCs, or upload files to a public cloud service so they can continue to work at home. Establish an IT security policy to lay down the ground rules. If you need help, refer to IT security management standards such as ISO/IEC 27001, which covers areas such as software installation, security testing and response to security incidents. Even with a policy in place, make sure employees understand the policy and the consequences of their actions. An easy way to start would be to organise IT security awareness workshops to update employees on IT security trends.
Back up your data
A study carried out by AVG revealed that SMBs would rather tidy their desks than back up their data. More than half of small businesses surveyed in North America and the United Kingdom do not insist that employees back up data on their computers every day. About a quarter still leave longer than a week between backups. With more cybercriminals targeting small business data, the stakes of running a business without backing up valuable corporate information are high. Data losses could erode consumer confidence, productivity and revenue.
Passwords and authentication
Requiring employees to use strong passwords is not enough. Make sure they change passwords at least once a quarter to stay doubly safe. Unfortunately, until biometric security becomes the norm, the need to change passwords regularly will remain with us for a while. Also, consider implementing two-factor authentication (2FA) tools, such as Yubico’s new FIDO U2F Security Key, to make it harder for cybercriminals to break into your systems. SMBs that are using cloud-based e-mail services such as Gmail should also turn on the 2FA feature to guard against unauthorised access to e-mail accounts.
I think that it is very important to train the staff all the time and tell them about the danger of BYODs and how to cope with it. I would also recommend installing an effective network monitoring solution for companies. For example, the tool Anturis is able to see how the devices work in the network and how the network itself works, and if it is necessary, the tool will alert you beforehand and you will avert a problem.