While everyone is thinking about BYOD and BYOA in their small business, there are plenty of security issues to be wary of. Robbie Upcroft, SMB sales manager Asia Pacific at McAfee, offers his advice.
What’s the most important information in your business? Is it your customer database? Is it your sales figures? Is it the document that keeps all the stored passwords for every computer on the system? Most importantly, how protected is this important information?
Every business has files like these, and every business needs to be aware of how attractive these files look to hackers. While deploying viruses that might be randomly downloaded is one way of attacking businesses and individuals alike, a new trend in hacker attacks involves getting into your system, encrypting the data and then ransoming it back to you. This is exactly what happened to one Queensland medical centre that was forced to pay the ransom to recover precious patient files.
“As soon as a hacker gets through the desktop they can then access the server and they’re free to go about their business. People are feeling complacent because they’ve got antivirus, they’ve got McAfee on their desktop so they think they’re covered. But what we’ve found is that SMB customers are being targeted by hackers because they don’t have the full suite of security,” says Upcroft.
He believes that with the growing use of BYOD in the workplace, more security measures need to be put in place to protect small businesses from potential threats. “Security doesn’t have to be buying a bunch of new antivirus or anything like that. Talk to someone who has done it before. Whether it’s finding someone who can take you through the tricks and tips or find a trusted advisor, someone who has industry certifications and has been signed off by a security vendor,” Upcroft says.
Upcroft says that more and more, SMBs are leaving themselves open to more sophisticated attacks from hackers all over the world. “Hackers send out a bunch of what are essentially bots, that search the internet for open systems. And it’s easier to send out 1000, $1000 ransom attacks rather than one $1 million attack, because all the big guys are protected.
“SMBs think they have antivirus that should be enough. They don’t think that Jennifer in accounts has access to payroll at home. But if someone has access to it, and downloads malware, there’s nothing antivirus can do. The way that antivirus works is that it responds to blacklisting. So if something is blacklisted it’s a virus that has been listed and is known which is great, until there’s something that’s not on that list.”
He recommends that small businesses consider installing a whitelisting system, which blocks computers from running any application that doesn't appear on an approved list, protecting them from random software. “You probably want people to be able to run their stuff on their desktops but on the server, where there’s all the customer information and tools, no. You don’t put Angry Birds on the server.”
While Upcroft believes that the new Federal Government initiative for digital security is progress, he believes that more could be done for the SMB space.
“It’s excellent but from an SMB specific point of view I’d like to see more acknowledgement of the threat that SMBs face. We have a lot of good cyber security information going out about end users and children and that’s all great, there’s a lot of emphasis from a national defence point of view which is as it should be. But SMBs are the lifeblood of the economy, and yet there’s not a huge amount coming from the Small Business Minister on that type of stuff.”
Upcroft advises SMBs to employ three main strategies to cover their bases when it comes to computer security.
1. “Have a policy - a documented, written security policy, for everyone about what is the accepted use of any work device. For example, you’re not allowed to use a device that has any work information on it to access any untoward websites. Have that written and agreed upon so if anyone goes outside of that it’s bye bye.
2. Make sure your end points are encrypted. Antivirus is not enough, encryption is one of our fastest growing products because even if someone gets to our server or laptop they can’t do anything with it, because the information on the server is encrypted.
3. Make sure that all of your different security bits and pieces talk to one another. It’s not surprising how many SMBs we talk to that have antivirus from one vendor because it was on sale one day and then a firewall from another vendor and then encryption from another vendor, and the three things don’t talk to each other.”