A decade ago, social networking sites were just beginning to surface, a smartphone was rarely used, and fax machines were still considered vital in a workplace. Today, it’s a very different picture: almost all employees have at least one mobile device, workers are always online, and corporate information is now shared alongside personal information on social networks such as Twitter and Facebook.
Consumer technology now plays a starring role in the daily lives of small and mid-sized businesses (SMBs). Companies are learning that social networking sites can provide a genuine competitive edge, by finding and forging deeper ties with customers as well as empowering employees. However, the rapid consumerisation of IT is positioning businesses as prime targets for cybercriminals intent on stealing identities, spreading viruses, or conducting other harmful activity.
According to a 2009 Symantec SMB Security and Storage survey, more than one out of three businesses still don’t have basic antivirus software protecting them from online threats. As our workforce becomes more mobile, and accessing and sharing company information from home and on the road becomes more prevalent, his leaves companies more vulnerable to the risk of data loss. As a result, critical and confidential information is slipping through the cracks into unprotected territory, resulting in loss of sensitive information related to the business and its customers. Not only do these incidences cause data breaches, they also result in hours of downtime while companies try to get systems up and running again.
So how can SMBs stay connected and embrace the adoption of new technology amongst employees while properly ensuring business information stays protected and secure? Where do businesses draw the line on the use of social networking sites and instant messaging in the workplace? Here are few essential things SMBs can do right now to protect information while embracing today’s connected world.
1. Understanding Information Exposure
One of the biggest challenges SMBs face today is balancing the need for information to be readily available at all times with the need for it to be properly protected. Evaluating the potential for risk is essential to maintain that balance. Generally, businesses can ask themselves fundamental questions such as: Where is my confidential data? How is it being used? And, how do I prevent data loss?
2. Refreshing Internet Policies
SMBs have dealt with internet security issues in the workplace for many years. Businesses need to recognise that the rise of online social networking sites adds an extra layer to this challenge, and requires businesses to refresh IT protocols to ensure employees are making proper use of the Internet. This includes:
- determining new technology and websites employees are using and how they are being used in the work setting;
- educating employees about the implications of social networking sites from a professional and personal point of view;
- offering training to raise employee awareness of IT security and identity theft issues, including discussions about the current risks the Internet may pose and the consequences of becoming victim of cybercrime, and;
- building a clear and comprehensive “Acceptable Online Usage Policy”, so employees know such things as what websites/applications are acceptable to use at work; having strong passwords in place on all devices and confidential websites; and, warning them not to open suspicious attachments and links in unexpected email. SMBs need to make sure employees are aware of these policies, and ensure they are regularly reviewed, updated and enforced with an appropriate technical solution.
3. Managing Mobile Devices
Businesses should establish best practices specific to mobile devices to ensure information is secure. Executives and consumers should feel safe in accessing confidential information without worrying it will end up in the wrong hands. Employees need to be encouraged to be vigilant about personal security by making sure all mobile devices are password protected, and are not left lying around.
4. Making the Right IT Investments
With the rise of polymorphic threats and the explosion of unique malware variants observed in 2009, traditional approaches to antivirus are not enough to protect against today’s threats. SMBs should ensure they are purchasing a solution specific to its needs and budget constraints, and that is also easy to use.
Businesses should look for an all in one suite that provides end-to-end protection for all devices, effective antispam protection, and reliable backup and recovery technology to enable SMBs to easily restore data and stay protected against new threats.
5. Engaging with a Trusted Advisor
With limited time, budget, and employees, businesses should look to a solution provider to help create plans, implement automated protection solutions, and monitor for trends and threats. A trusted advisor can also educate employees on retrieving information from backups when needed, and suggest off-site storage facilities for protecting critical data
Safeguarding information in the new era of social networking should be a high-priority for SMBs. This means making sure the right policies are in place, augmenting these policies with an antivirus software that has advanced threat protection, and ensuring information is properly backed up in case of an emergency.
Steve Martin is the director of the small and medium business (SMB) sector for Symantec in the Pacific region. In this role, he is responsible for developing and implementing Symantec’s strategy with all small and mid-sized customers across Australia and New Zealand. Martin also manages Symantec’s distribution business and works closely with partners in the Pacific region.