The media is driving cyber security and the concept of cybercrime into our mainstream world. Improved awareness is terrific, as we all have data, experiences and a world to protect, big or small. As cyber criminals continue to develop new ways to breach systems and networks it is more important than ever to provide, small businesses to enterprises with the proper protection and information to integrate, connect and bring awareness to the growing number of cyber threats that we face day to day.
With SMBs making up 99.7% of all employer firms, it is important that both the private sector and government find ways to help small businesses stay protected. SMBs have become ideal targets for cyber criminals because they store a lot of customer information, possess valuable intellectual property and have budget constraints.
As small businesses adapt to the latest technologies they should also be cautious of potential threats, especially when it comes to the adoption of mobile devices and cloud services. With their sights set on getting the most out of their security budgets, SMBs often lose sight of the importance of a well-rounded security solution. However, their business, intellectual property and customer data need to be protected as much as that in any large organization. The focus now is on how information technology helps SMBs protect themselves against potential threats.
What are the growing trends SMBs should look out for?
1. Mobile Device Security
The mobile device has become much more than a device used for communication, it has become a way for people to conduct, manage and support their businesses. By the end of 2013 the number of mobile-connected devices is expected to exceed the world’s population, according to the Cisco Visual Networking Index.
With SMB owners trying to be cost effective, this means more and more employees bringing their own devices (BYOD) to conduct their day to day business. What does this mean for SMBs? With the number of mobile malware exponentially increasing every day, there is more opportunity for cyber criminals to prey on those unprotected devices. This leaves SMBs struggling to maintain security and control over a wide spectrum of devices that their employees use for work.
2. Migration to the Cloud
Another IT trend that serves SMBs particularly well is the migration to the cloud. SMBs can find real efficiencies in outsourcing their IT and communications systems to the cloud. They can reduce costs, improve offerings, eliminate complexity and have less need for on-site IT staff. These are great objectives – as long as security is not sacrificed.
The problem lies within the services that the cloud providers offer. Most do not offer a forensic capability as part of their base offering. This means that if a company’s data stored in the cloud is breached, it will cost the company more time and resources that law enforcement or a security firm use to trace and remediate the breach.
As the adoption of mobile devices and cloud storage continues to be a trend so will the importance of security. There are several recommendations for SMBs to better protect themselves from cybercrime.
Security must first become top of mind with SMBs and not just when a breach happens. All companies large to small should implement integrated and connected security system with real-time situational awareness of threats. This means that all phones, laptops, desktops and servers must be connected to allow networks over time to recognize threats before they can overtake the network functionality.
Mobile devices can pose more of a danger than the traditional PC, as they sport location information, are easily stolen, and often contain personal information of not only the owner but hundreds of friends, family and contacts. These fun, convenient little devices are very vulnerable. Small business owners can take the following precautions to make sure their employees’ devices are secure:
- Educate employees on their role in protecting the organization, its data and brand against theft, loss or malicious use
- Use complex, alpha-numeric passwords
- Have policy controls over memory card usage and encrypt data
- Protect against Trojans with black listing and whitelisting applications
- Install firewall on the mobile device to restrict inbound connections and prevent use of the mobile device as a bridge
When it comes to cloud storage SMBs should make sure their providers offer certain protections even if it is through a third party provider. Also before putting anything into the cloud, make sure the value and sensitivity of the data is understood. Only after there is a complete inventory of the data should SMBs move it over to the cloud.
Not only is it important to make sure that you know what data is going into the cloud it’s equally important that all channels of traffic (email, web and authentication) that move data to and from the cloud are secure.
There is only so much an SMB can do on its own, which is why both the private sector and government need to lend a helping hand. By providing security for not only mobile and cloud platforms the security and IT industries need to keep their focus on innovation. Government can help by enabling initiatives that will facilitate the sharing of cyber intelligence to the private sector. This enables smaller companies to access the intelligence (mathematical indicators of threat behavior) protection mechanisms that to date are limited to larger organizations with security budget. In return, that same intelligence set that can now attach to smaller businesses because the facilitated information sharing can now add to the knowledge that is used to protect the larger businesses, TO borrow a word from the Department of Homeland Security, this creates an ecosystem, constantly changing and adapting to new threats.
Small and medium businesses comprise most of our network ecosystem, and often harbor intellectual property and personal information just as larger businesses do. We need to include them in the network intelligence at low or no cost, to help them help us protect our future.