Reading online accounts of cyberattacks could lead SMEs into thinking they are too small for criminals to target. The truth is different and a report by Symantec found cyberattacks on SMEs rose 300% in 2012.
The monetary gain for breaching an SMEs digital security may be less, but the targets are considered easier, with lower levels of online security protecting valuable business information.
Enterprises spend a great deal of money attempting to prevent online attacks. SMEs don't have the same budget, however they cleverly leverage online services and introduce robust security principles to minimise the risk of data breaches.
Mobile Device Management
When companies give employees options to use mobile devices for work as it opens up more flexible working arrangements and has demonstrable benefits for increasing productivity.
On the flip side, phones and tablets are often misplaced and a common target for thieves. Having a device full of valuable business information, like email addresses or stored documents, which can quickly disappear could cause great damage to an organisation's operations should it fall into the wrong hands.
Adopting cloud service that include robust mobile device management reduces the risk when devices go walkabout. IT departments should check their chosen supplier provides options to remotely block mobile devices and preferably wipe information from them.
A delay between a phone disappearing and it being wiped could cause an information leak. Employees need reminding of their professional responsibility to both look after equipment holding business information and inform the IT department should something go missing.
Some SMEs give end-users the ability to wipe devices themselves through web admin panels (such as those webmail panels provided by Microsoft Exchange or Google Apps). This speeds up device removal at the risk of putting more responsibility in employees hands.
Digital security is no stronger than the weakest part. In many cases this is passwords. The most commonly used passwords are '12356' and 'password', both unlikely to trouble a hacker for more than 10 seconds.
Choosing memorable secure passwords is painful. Make it too complex and the user forgets, too easy and brute-force attack will quickly gain access. Techniques exist to help employees choose better passwords and a business which values online security will make sure users understand the need for more complicated passwords and give advice on creating them.
An extra layer of protection is available when digital services support two-factor authentication. This combines passwords with another verification method to make sure only the account holder can log in. Whenever making a login attempt on a device or computer not previously used the second verification is triggered. This can be in the form of a text message, a code in an authentication app, or an email to a secret address.
Access is only given when confirmed using the secondary method. This prevents a hacker logging into someone's online services using a different computer even after they've acquired the password and username.
Attaching a document to email is now a common way of passing information to others, both inside a company and in discussions with external contacts. The risk is that once an attachment reaches a person's inbox, it goes out of the control of the sender.
Nothing stops the receiver forwarding documents onto others. Which creates a serious security hole for SMEs, with private, and often commercially-sensitive, information now in the wild.
SMS offer a secure email platform which includes the ability to send encrypted file attachments of up to 5GB. The service uses 128bit SSL and 256bit AES at rest encryption.
The other alternative to emailing documents is a cloud storage service. A business-focussed cloud provider will include ways for users to share documents with others in ways that don't impact on digital security. Instead of sending an attachment, the user sends a link to an online document. Various ways of securing the link are available, including password-protection (with the password given separately), a time-limited link, or making the receiver log in on a website with their email address to view it.
It's common for SMEs to think documents stored on an office PC are more secure than those stored off-site in the cloud. When one takes a wider view of where organisations store data that picture changes.
How secure is your office? Does it have bio-sensors and 24-hour on-site security to prevent physical access from unauthorised people? If the office was destroyed, is the data mirrored in another location?
And what about virtual threats? How robust is your network firewall? Is the data on hard drives encrypted with layered encryption technologies?
Data centres can afford the highest-level of physical and virtual security. Equaling or bettering anything enterprise companies have access to. Putting documents in the cloud gives SMEs the highest level of digital protection for valuable information.
If a hacker deleted all the files on an office network could the company maintain business continuity easily? How long would it take it to recreate the lost information, if it was possible at all?
Having an off-site backup of company data means organisations are quickly back in business. Essential documents can be retrieved online and downloaded back to the office network, or individual PCs. Providing a simple way to deliver business continuity.
Hackers are actively targeting organisations they think have lower digital security standards. SMEs can't ignore online threats and hope their smaller size will protect them.
Cloud services not only enable SMEs to increase their digital security levels and match those available in the enterprise sector, they also improve business continuity provision. Helping organisations continue working and bounce-back quicker if the worst should happen.