By Roman Foeckl of CoSoSys
SMBs are facing a difficult period when it comes to securing digital assets – coming up against the same threats as large organizations with significantly fewer resources. Organizations are encountering increased threats on multiple fronts, with the added pressure of rapidly changing user behavior over the last several years. While employees and technology users are, in general, more tech-savvy, they are also more inclined to communicate and share information on the Internet as well as bring their own personal devices into the workplace.
For smaller companies that don’t employ a full-time in-house IT person, both managers and employees are often unaware of the steps necessary to protect themselves (and their company), and of the security issues that can arise from bringing outside devices, USB keys and cloud storage applications into the workplace.
As an SMB, it is imperative to know what you are up against and put security at the forefront of your business strategy.
You are never too small to be the victim of a cyber attack
Many SMB managers think they are too small to attract the attention of attackers or to suffer a data breach. This mindset is dangerous when it comes to managing company data. The size of the company is irrelevant when it comes to the value of the information it can hold or when it comes to human error.
Studies have found that 71 percent of cyber-attacks occur at businesses with fewer than 100 employees, with the National Small Business Association finding that half of all SMBs surveyed reported being the targets of a cyberattack. In addition to the increasing difficulty of recovering from these attacks, Kaspersky Lab showed that SMBs reported damage of more than $26,000 for an attack on their physical infrastructure and nearly $60,000 with the involvement of virtual infrastructure in a security breach.
Alongside the growing number of ransomware attacks, Distributed Denial-of-Service (DDoS), phishing and malware attacks and insider threats have no regard for the size of the company.
Your employees can unintentionally be a real threat
Insider threats – meaning employee actions that voluntarily or involuntarily expose their company to security risk – are present in any organization, regardless of industry and size. As a result, SMBs should address IT security with the same importance as a large enterprise. According to research from Accenture and HfS, 69 percent of enterprise security executives reported experiencing an attempted theft or corruption of data by insiders during the last year.
However, insider threats can be as simple as an employee using a cloud application not approved by IT, opening an email with malware or unknowingly sharing sensitive company data with an outside source. This is why defining security guidelines and teaching employees how to use safe practices when online is so important.
The good news, though, is that there are technologies that can track employee activities and confidential information and alert the IT department to a potential data breach.
Defining IT security guidelines is paramount
Regardless of whether or not you have a dedicated IT person in-house, defining security guidelines for your employees is imperative. This can entail:
Developing tailored data security training for employees. This ensures each employee understands the threats and feels confident about how to protect themselves and the company. Especially when implementing security software, employees need to be properly trained on how to use and understand the technology.
Limiting and monitoring the tools employees can download. The number of cloud storage solutions and connected devices being brought into the workplace is increasing rapidly. By proactively deploying mobile management tools, companies can monitor confidential data and ensure that employees aren’t taking it outside the company or introducing potentially harmful files into the company’s servers.
Dividing data access among employees. Organizations can more easily control the flow of data when data ownership within the company is clearly delineated. By restricting access to sensitive company materials to only those who need it, SMBs can significantly lower the chances of a non-malicious insider exposing this information.
Knowing if your current security solutions can detect an insider breach. Since insiders can be a continual threat, one of the most important things is making sure you have the right software to detect a data breach the moment it happens.
New devices will continue to make their way into the workplace: Create a malleable BYOD policy
Regardless of size, any organization should look into developing a clear and malleable BYOD policy. The line between work and leisure is quickly blurring and the number of devices we are now bringing in and out of the workplace has risen drastically.
It can be said with confidence that mobile and wearable devices are just the beginning of this trend. There is a clear opportunity for companies and IT teams to develop BYOD policies that are proactive and can adjust as new technologies emerge, rather than scramble to adopt a reactive stance. Training and the review of BYOD strategies must become a regular feature in security and business planning.
In the end, endpoint protection in SMBs differs from one company to another. While most SMBs implement antivirus, a firewall and some encryption, it is up to each company to decide what other IT security solutions will work for them on top of that. Even though there are best practices that experts recommend, there are no strict rules followed by all organizations. And that is just fine, given that one objective can be achieved through multiple methods: as long as the objective is to protect data against external and internal threats, you can succeed at protecting your important assets and employees.
Roman Foeckl is the Founder and CEO of CoSoSys. Before founding the company in 2004, Roman worked for Goldman Sachs in Frankfurt, Germany and Paris, France. He studied business in Wiesbaden, Germany. After the acquisition of CoSoSys by Astaro and the subsequent acquisition of Astaro by Sophos, Roman, together with Michael Bauner, took the company private again in a Management Buyout (July 2011), with the goal of building CoSoSys and its Endpoint Protector product family into the leading content-aware Data Loss Prevention (DLP) and Mobile Device Management (MDM) offering on the market. Roman’s vision is to offer a Data Loss Prevention solution that is easy to use and implement and covers all popular platforms, from Mac OS to Windows and Linux, so large and small businesses can protect their data against accidental loss or intentional data theft.
The views, opinions and positions expressed within this guest post are those of the authors alone and do not represent those of CBS Small Business Pulse or the CBS Corporation. The accuracy, completeness and validity of any statements made within this article are verified solely by the authors.