Less than 15 years ago it was rare to find a business using the Internet or a mobile device in the workplace. The landline phone, the fax machine and the typewriter were still heavily entrenched in the workplace. And while some tools, like the landline phone, remain, we have seen the establishment of new tools such as the Internet deliver a profound effect on the way we work and play.
Online is the new world and while it offers tremendous opportunities for businesses to connect and grow, it can also present significant risks for those businesses that don’t protect their people and information online. In fact, a recent Symantec online survey of more than 500 Australian small and medium businesses (SMB) found that 56 percent of Australian SMB respondents have been affected by a cyber threat, up from 46 percent in the 2008 survey.
The survey also found that SMB respondents believe that cybercriminals are the most dominant security threat and nationally, 52 percent of respondents rated malware created by cybercriminals as the most likely security threat to their business. This increase in cyber attacks and concern for cyber threats can be attributed to the continued growth in both the volume and sophistication of cybercrime attacks.
As businesses embrace the online world and become more mobile, they equally become more vulnerable to online security threats and data loss. The bottom line is that while businesses must stay connected to remain competitive, small business owners must also ensure that their information is protected and secure.
So how can a small business stay safe online and not be a victim of a cyber attack? How can a business recover its customer database in case the system fails? And what precautions should a business advise their employees to follow when they are given a smartphone or connect onto social networking sites at work?
The following are tips that small businesses can implement to protect their information while navigating today’s business Internet.
Understand Where Data Resides: One of the biggest challenges small businesses face today is balancing the need for information to be readily available at all times from anywhere, with the need for it to be properly protected. Evaluating the potential for risk is essential to maintaining that balance. Businesses must ask themselves questions such as: Where is my confidential data, and how is it being used? And, most importantly, how do I prevent data loss?
[Next: Create a security policy]
Implement more than just antivirus software: Many businesses operate under the assumption that installing free antivirus software is enough to protect their information. Small businesses that rely on this type of solution to protect employees from falling victim to an online scam, are not getting the protection they need. Hackers today are targeting end users directly through legitimate websites, which naturally have higher traffic, thereby offering higher payload in terms of the number of users that can be compromised.
To be truly protected against today’s increasingly complex and organized cyber attacks, businesses need multiple layers of security that protects the end user from all angles. Small businesses should ensure they are purchasing a solution specific to the business, and one that meets its needs and budget constraints. Businesses should look for an all in one suite that is easy to use and protects against malicious software, spam, data loss and downtime.
This solution must have end-to-end protection, ensuring it is sophisticated enough to defeat known threats and unknown threats to all devices. The solution must also have effective and accurate antispam protection, as well as rapid, reliable backup and recovery technology, enabling businesses to easily restore data and protect against new threats.
Finally, it is important to remind end users to develop strong passwords to make it more difficult for intruders to access your data. Passwords should have at least eight characters and a combination of letters, numbers and special characters.
Create A Security Policy: Small businesses have dealt with threat issues for many years that have resulted because of employee use of the Internet. The rising use of social networking sites add an extra layer to this challenge. There is no one right answer for how companies should proceed. However, the heightened risks surrounding online social networking pose an opportunity for businesses to look at creating company Internet policies. These policies can be as simple as:
- Determine what new technology and websites employees are using and how they are being used in the workplace.
- Educate employees about the implications of not only using the Internet, but social networking sites. Business owners must help their employees pinpoint the current risks the Internet may pose, and the consequences of being a victim of an attack.
Build a clear and simple “Acceptable Online Usage Policy” so employees know what websites/applications are acceptable to use at work; having strong passwords in place on all devices and confidential websites; and, warning them not to open suspicious attachments and links in unexpected email. Create a security awareness program so that employees understand policies. Ensure they are regularly reviewed, updated and enforced with an appropriate technical solution
[Next: What about mobile phones?]
Manage Mobile Devices: Small businesses that have mobile devices available to employees should establish best practices specific to these devices to ensure information is secure. Executives and consumers should feel safe in accessing confidential information without worrying it will end up in the wrong hands. Ensure all mobile devices are password protected.
Encourage employees to be vigilant about personal security by not leaving handheld devices around. With the increasing amount of Wi-Fi hotspots in major cities, people can connect to the Internet almost anywhere. It is important employees only use secure wireless connections that are password protected when accessing a company server remotely, or when using a company laptop. These simple steps should be added to the “Acceptable Online Usage Policy.”
Educate employees: Data breaches can be avoided by simply educating employees on the importance of protecting their devices. Good, common-sense best practices are part of the solution for protecting data. For example: do not leave your mobile device lying around for others to pick up, keep it on your person or in your sight at all times.
Engage a Trusted Advisor: With limited time, budget, and employees, small businesses should look to a solution provider to help create plans, implement automated protection solutions, and monitor for trends and threats. A trusted advisor can also help a business owner educate employees on retrieving information from backups when needed, and suggest off-site storage facilities for protecting critical data.
Safeguarding information in this new online world should be a high-priority for small business owners. This means making sure the right policies are in place, augmenting these policies with an antivirus software that has advanced threat protection, and ensuring information is properly backed up in case of an emergency. Remember that technology alone cannot secure an organisation. Technology together with people and process is the best defense for safe-guarding your people and information in an online world. It is this combination that will ensure your businesses is connected with confidence.
About Steve Martin
Steve Martin is the SMB and Distribution Sales Director for Symantec in the Pacific region. In this role, he is responsible for developing and implementing Symantec’s strategy with all medium to large sized customers across Australia and New Zealand. Martin manages a team directly responsible for customers in New South Wales and Queensland. Martin has more than 25 years’ experience in the IT industry and has a strong understanding of the needs of the mid market business sector and the IT channel community.
