Today, technologies like cloud computing, mobility, social, and big data and analytics are enabling small- and midsized businesses (SMBs) to do more with less, reach new markets and focus on creativity and invention instead of IT.
But with all this new opportunity comes responsibility. Whether an SMB is moving to the cloud or implementing a bring your own device (BYOD) mobile program, security should be part of the plan.
Each year, cyber crime costs the economy about $445 billion, according to the Center for Strategic and International Studies, and SMBs can be attractive targets for hackers tapping into this profitable black market. SMBs tend to have weaker online security, use cloud services void of strong encryption technology and lack the robust IT and internal policies needed to protect against increasingly sophisticated cyber-crime rings, which operate with an enviable efficiency and effectiveness.
Employees are often the weakest link here: 95 percent of breaches stem from human error, and small-business employees are no exception. They may be ignorant of the latest threats (e.g., well-disguised phishing scams). They may use their personal, insecure mobile devices for work purposes (or vice versa). And they may be downloading and using vulnerable apps, creating multiple entry points for potential data breaches, hijacked information and even espionage into confidential business meetings and calls.
Hackers are aware of these vulnerabilities and are organizing themselves to exploit them, crafting highly sophisticated assaults.
But SMBs are ready to fight back. With the lessons they've learned from larger competitors, SMBs are actively seeking out ways to protect their data and intellectual property, and arming themselves against cyber attacks.
According to the International Data Corporation, SMB spending on security technology is growing, and is set to pass $5.6 billion this year, representing a significant investment in SMBs' overall IT spending. So now that they're focusing attention on and investment in security, what’s the best way to kickstart a defense against cyber criminals?
Here are the top five tips for protecting today’s SMB:
1. Create a culture of cyber security.
Because most attacks stem from human error, every employee needs to understand the importance of cyber security, no matter how large or small the company. Do your due diligence in educating your workforce, and work with your executive team to create policies and practices that protect your business.
2. Establish a security management strategy
Cyber attacks are organized, strategized and targeted. In fact, 80 percent of cyber attacks are driven by highly organized crime rings, which widely share data, tools and expertise, according to the UN Report on Cybercrime. It’s critical, therefore, that your business be one step ahead and meticulously plan for an attempted invasion. You’ll need to establish a strategic approach so that your entire environment works as an integrated defense, detecting, preventing and responding to attacks seamlessly and instantly.
3. Get organized and share.
According to a recent survey, only 36 percent of security and IT professionals currently share information with industry groups, and more than half (52 percent) do not share any information at all. There’s power in numbers, however, so the private sector needs to collaborate and share data and expertise just as effectively -- if not more -- than the cyber-criminals do. Join a leading and well-built-out cyberthreat intelligence sharing platform, and begin connecting across other companies and industries to preemptively spot threats and shut them out of your systems.
4. Implement a mobile device policy.
Although mobile has risen as the platform of choice for work, shopping and socializing, we haven’t fully woken up to the tremendous security vulnerabilities which accompany mobile devices and apps. At any given time, malicious code is infecting more than 11.6 million mobile devices. Despite this threat, a recent study revealed that 67 percent of organizations allow their employees to download nonvetted apps on their work devices.
By rooting a device through security flaws in insecure apps, hackers can access sensitive files and documents and personal data, or hijack a device’s camera or microphone to spy on meetings. SMBs need comprehensive mobile security strategies to defend against these vulnerabilities.
They need to think more broadly than just about device management. There are risks associated with mobile content, apps and the increasingly popular practice of accessing confidential business data via mobile devices. Implementing a mobile device policy is essential to protecting your business.
5. Choose security that fits your business.
Today’s SMB needs a managed security services provider that can deliver a flexible solution cost effectively, and provide a seamless upgrade path. Additionally, any security approach should include quick, easy access to skilled security professionals, who can help them respond rapidly to any issues or incidents as they arise.
The need for an intelligent, unified front to fight cyber criminals is greater than ever. Organized, complex cyber-crime is rapidly growing, cracking even the most secure companies with highly elaborate schemes. Don’t let your small business become a victim. Be prepared and fight back.