Essential security for your business
Every small business should place IT security high on its list of priorities.
Today's technology is a huge boon for small businesses, giving them the tools they need to compete in competitive markets. Together, computers, mobile devices, software and online services can enhance productivity, empower teams and have a strong positive impact on a company's bottom line. Yet all these benefits come with one big downside: the threat of cyber-crime.
Viruses can bring systems down, causing hours or days of lost productivity. Data breaches are disastrous for businesses, making valuable business information available to outsiders and putting confidential customer data at risk. Beyond disruption, lost sales and the cost of fines and compensation, there are the hidden costs that come with damage to reputation and the loss of existing business. This is no laughing matter for large companies, as we saw with British Gas, Marks & Spencer and TalkTalk last year, but it's not something smaller businesses can ignore, either.
The most recent Information Security Breaches Survey for the Department of Business, Innovation and Skills found that 74% of small businesses had suffered a security breach during 2015, up from 60% the year before. The number affected by malware attacks had risen by 36% over the last year's figures. On average, the worst security breaches cost small businesses between 75,000 and 311,000 when you took all the different costs into account. That's not something that many small businesses can afford.
To make things worse, the threat landscape isn't getting any easier. Intel's security division, McAfee, found 42 million new malicious malware samples in its last threat report; the second highest growth on record. Newer threats like macro malware and ransomware are on the rise, phishing attacks are growing more sophisticated, while mobile malware is undergoing an explosion, the numbers growing by 72% between Q3 and Q4 2015. Cyber-criminals are finding new ways to gather information that could be misused, then new ways to misuse it, including CEO fraud a business spin on identity theft where the fraudsters claim to represent your company. In short, it's not a good time to take risks.
Yet take risks is what a lot of small businesses are doing, particularly when it comes to their mobile devices. According to the Information Security Breaches Survey, 15% of all organisations had a security or data breach involving smartphones or tablets a doubling of the figures from 2014 yet few small businesses have any policy in place to secure the same devices. In fact, 18% have no policy at all.
There are some essential measures that every business should take. The UK government, for example, advises:
- Downloading and installing software updates as quickly as possible
- Using strong passwords to protect your data
- Deleting suspicious emails as soon as they arrive
- Using anti-virus software
- Training your staff to recognise security threats and deal with them
These are all good fundamental steps, but in an era where businesses are exploring the potential of mobile devices and accepting employee-owned devices, they may not be enough. Desktop computers and servers remain a target for criminal activity, and both they and the company network need as much protection as ever. Yet laptops, tablets and smartphones have needs above and beyond basic practices and anti-virus software, not just because they're more vulnerable to physical loss and theft, but because the way they may be used outside of the business opens them up to further threats.
Some will tell you that smartphone and tablet security shouldn't worry you; that an iPhone can't get viruses and that Apple and Google already do everything that needs to be done to secure your mobile devices. Sadly, they're wrong. Last year the Stagefright' exploit showed how vulnerable Android phones could be, while the AceDeceiver virus proves that cyber-criminals can get around the protection in iOS. Earlier this year, McAfee found that over 60 Android games hosted on the Google Play store were infected with an Android virus. How can you be sure what employees might install on a phone that has access to your business data?
A Holistic Approach
The trick is to look in-depth at the threats that face your business, then take measures to guard against them. If you store data on a PC, laptop or tablet, ensure that it's encrypted. If you have teams working from home or on the road, make sure that they use business-grade, secure cloud services to store and transfer any data, and provide them with secure channels, like a VPN (virtual private network) link with which to communicate with the office. Give them advice on how to spot and avoid malicious emails, software or websites.
Yet the most effective measure may be to have software in place that works across all their devices, including desktop and laptop PCs, tablets and smartphones. McAfee Multi Access, for example, offers robust protection from viruses, botnets, spyware, spam and identity theft across five devices. It has features that prevent users from visiting risky websites or entering details into phishing websites, plus secure password management tools that support a proper password policy. It blocks spam and phishing emails across PCs and mobile devices. It also includes features that can guard a device remotely, so that it can be encrypted, locked or even wiped if it's lost or stolen, before criminals even get a chance to find out what it contains. You can even take a picture and track the location of a thief with the CaptureCam feature, or sound an alarm with Remote Scream.
At 3 per user per month, this kind of protection doesn't have to be expensive, and with automated installation and updating, it's not complex to manage either. Maintaining strong security policies and installing anti-malware software on PCs is a great start for better security, but if you want real, all-round protection, products like McAfee Multi Access are the smarter way to go.
What you need to know about migrating to SAP S/4HANA
Factors to assess how and when to begin migrationDownload now
Your enterprise cloud solutions guide
Infrastructure designed to meet your company's IT needs for next-generation cloud applicationsDownload now
Testing for compliance just became easier
How you can use technology to ensure compliance in your organisationDownload now
Best practices for implementing security awareness training
How to develop a security awareness programme that will actually change behaviourDownload now