By Kevin Timms, COO and Co-founder of Streamwire
In the past year it seems not a day has gone by without a high-profile cyber breach being documented in the media – and it seems that there will be no slowdown in the year ahead. Already in 2017, Lloyds bank has suffered at the hands of a DDoS attack, preventing a number of customers accessing their online banking. Further, in February the disclosure of two separate hacks resulted in Verizon securing a $350m discount on their acquisition of Yahoo. The deal’s closing date has also been pushed back to the second quarter of 2017.
The news tends to focus on big-scale attacks against large organisations, but cybersecurity is just as much of a business issue for SMEs. It can be argued that smaller enterprises face an even greater challenge because they will likely lack the resources and experience that larger organisations have to tackle threats. A larger proportion of IT budgets is often assigned to business-as-usual IT rather than making improvements, and it is also more likely that responsibility for IT will fall on the shoulders of executives who are not IT specialists.
For cyber criminals, SMEs are often an easier target. A lack of security systems and processes means criminals find less resistance when trying to compromise systems and have a higher chance of stealing valuable data. A critical challenge for SMEs is the use of personal devices in the workplace, commonly known as bring your own device (BYOD). Such an approach for devices has been particularly useful for SMEs trying to develop more flexible ways of working, but the security implications have often not been as well considered.
A 2017 report by Tenable Network Security sets out the challenges. According to the report, UK security professionals’ confidence in accurately assessing cyber risks has fallen from 73 per cent to 59 per cent since 2016’s report, with the biggest challenges facing IT security professionals today including “low security awareness among employees” and a “lack of network visibility” due to BYOD practices and shadow IT.
As the cyber security threat has increased, so has the responsibility of every employee to better understand the risks they face from hackers, and to work constructively with IT teams to make sure processes are followed.
The flexibility of BYOD can in turn lead to risks with employees downloading and using unsecured, third-party apps on personal devices that are not sanctioned by IT teams. Simple passwords and unlicensed software can also contribute to increased security threats.
Encrypting BYOD devices and guaranteeing that they are as secure as other systems in an organisation can help solve the visibility and security issues, but all employees must follow the same regulations. Additional security measures involve using a mobile management tool for tablets and smartphones, which can enforce policies such as strong passwords on the device and remotely delete any company data by resetting the device if it is lost. If BYOD is offered, then the same level of security offered through anti-virus software and other security policies needs to be maintained on personal devices. These steps serve as a starting block for many SMEs in increasing visibility of devices while ensuring that security is upheld throughout.
With constant threats lurking around the corner, organisations must be quick to understand the cyber security issues facing them, or else see systems breached. While BYOD has been a great tool for SMEs to provide innovative approaches to businesses, it is a multi-layered initiative that requires careful planning and understanding throughout an organisation. By incorporating simple steps, SMEs can increase their confidence in improving security while having the ability to tackle any potential attacks that may appear.