Security for SMBs
Getting security right means starting with employee devices, writes Nick Offin, Head of Sales, Marketing & Operations, Dynabook Northern Europe
Another Cybersecurity Awareness Month has passed, this period is always a valuable reminder for businesses that security needs to be a top priority. Whilst the news is littered with incidents of cyber-attacks on bigger companies, cybercriminals are increasingly turning their attention to smaller to medium-sized businesses (SMBs), which are potentially a much easier target. In fact, according to recent research from Ponemon Institute, 66 percent of SMBs worldwide have experienced a cyber-attack in the last 12 months.
With cyber-attacks growing in sophistication and abundance, and potential data breach fines from The Information Commissioner’s Office (ICO) now reaching levels to put smaller enterprises out of business, there has never been a more important time for SMBs to have the right cybersecurity strategy in place. So, how can SMBs safeguard against cybercriminals? Protecting company and employee data and assets is a multi-pronged challenge. However, getting the basics of cybersecurity right involves putting employee devices, with advanced security features, at the very heart of a business’ cybersecurity strategy. Not only this, but employee education is equally important.
Secure devices for SMBs anywhere, anytime
We are currently going through a ‘remote working’ revolution and smaller businesses are certainly playing a huge part in this. More and more SMBs are foregoing traditional offices and instead allowing employees to work from home, in a shared office, in a coffee shop or even whilst travelling on public transport. In fact, IDC research found that 60 percent of SMBs worldwide will have mobile worker support in place by the end of 2021. Mobile working and remote system access through BYOD devices provide great benefits to smaller businesses who may not have the budget for permanent physical office space. However, they unlock new potential threat vectors and present new challenges in relation to device management.
Regardless of this, employees are essentially a smaller businesses’ first line of defence against cyber-attacks so it’s important that the tools they are using on a daily basis are robust enough to protect against potential cyber risks. For example, laptops which have advanced biometric features and hardware-based credential storage capabilities enhances protection against password or access hacking.
Other security features such as zero client solutions go beyond this and help nullify data-related threats by extracting sensitive data from the device itself. With information stored away on a central, cloud-based system, these tools protect against unsolicited access to information if a device is lost or stolen. With 48 percent of SMBs accessing more than half of their business-critical applications from mobile devices, these solutions are particularly useful for mobile workers wanting to gain access to data remotely.
Training is vital for SMBs
Smaller businesses need to also consider employee training. According to research, almost 90 percent of data breaches are caused by human mistakes. This comes as no surprise when you consider that passwords are easy pickings for today’s cybercriminals and all it takes is for one wrong click on a fraudulent link or a laptop left on a train to compromise business data. Despite this threat, recent research has shown that only 43 percent of SMBs have sought to educate all of their employees about cyber threats. With smaller businesses remaining a prime target for cyber-attacks, it’s now more important than ever for them to educate their staff about security threats and best practices for handling sensitive information, especially as the mobile workforce is growing. Part of that training should include insight into the business’ security setup, why and how certain security solutions are being used, and their own responsibility to carry out good cybersecurity practices.
SMBs need to implement a multi-layer approach
While education should play a critical part of an SMB’s cybersecurity strategy, cybercriminals are increasingly finding new and advanced ways to get hold of employees’ data. With many of today’s most common cyber-attacks such as phishing and malware being socially engineered to rely on human mistakes, even the most cautious of staff could fall victim to an attack.
To add to this, current network infrastructure has not been built with today’s security in mind, meaning smaller businesses need to go that extra mile and implement measures that protect at the network level. To do so involves a multi-layer approach, which integrates both hardware and software.
Secure-core PCs, in particular, enable staff members to shield their devices from firmware vulnerabilities, protect the operating system from cyber-threats and prevent unauthorised access to devices and data with advanced access controls and authentication systems. Further solutions such as in-built BIOS (basic input/output system) also adds a greater layer of protection, removing the risk of potential third-party interference. Smart data encryption features also safeguard every area of a device’s hard drive, including all system files. Even if the HDD is removed, data will remain encrypted.
Big businesses may dominate the news when it comes to cyber-attacks, but SMBs are far from safe. It is therefore essential that device-level security is a major factor in an SMB’s cybersecurity strategy, giving employees the right tools to help mitigate security threats at both a hardware and software level. Although technology solutions are essential for protection, employee education is also vital. SMBs who aren’t putting employee devices front and centre or investing in training, may well find themselves next on the cyber-attack list.