SMBs are exposed to many of the same security threats as large enterprises and we are seeing a major trend in cyber-crims designing malware that targets smartphones, tablet computers and other mobile devices, particularly as these devices increasingly carry more and more valuable personal and financial data.
Our online activity is a lot more mobile today than it was only a few years ago and employees are visiting many more websites, including social networking communities, from their work devices. Plus there is huge growth in user-driven IT with SMBs taking advantage of increased productivity by utilising mobile devices for both personal and business purposes.
With this in mind, McAfee SMB sales manager Asia-Pacific Robbie Upcroft shares his expert advice about the mobile security threats facing small business and how to combat them.
Malware goes mobile
By 2014, mobile internet use is expected to take over desktop internet use and we are seeing a steady rise in mobile malware – malicious applications designed to steal money and information – and risks associated with loss and theft. In total numbers the end of 2011 was one of the busiest periods we’ve seen for mobile malware and we expect this trend to continue for quite some time. The Google Android mobile operating system (OS) moved into the number one spot as the most “popular” mobile platform for mobile malware. The Symbian OS remains the platform with the all-time greatest number of malware designed to attack a specific platform, but Android is clearly the modern target.
While it has become commonplace to expect desktop computers to be loaded with security software and firewall protection, this awareness has not yet translated to mobile devices. Despite the fact that the average mobile user is now storing and accessing more data than ever before, these devices are very susceptible to being lost or stolen.
Impact on SMBs
The growing industry trend of employees bringing their own devices is also evident in SMBs. Research by AMI-Partners has seen 87 percent smartphone penetration by Australian SMBs, 96 percent use their smartphone for corporate email, 38 percent access / update corporate presentations and content, and 25 percent access / update corporate finances and business analytics*. The research suggests that attracting and retaining talent, increased employee productivity and mobility and greater employee satisfaction, as well as reducing IT costs, are some of the primary drivers of BYOD adoption.
A mobile workforce adds to the complexity of IT security for SMBs when assets and intellectual property can be accessed on multiple devices. Mobility isn’t limited to just using mobile devices in the workplace, it also refers to remote access such as utilising free public Wi-Fi connections. There are risks associated with unsecure wireless Internet connections such as hacked and stolen accounts and passwords.
You are probably thinking “why would my business be at risk? I’m just a small business”. Let’s take a glimpse in to the mind of a hacker. Large scale, sophisticated cyber-attacks such as the Sony PlayStation Network incident involved advanced persistent attacks with the aim of stealing and exposing valuable assets such as personal and financial information of Sony PlayStation Network users. SMBs are susceptible to the same threats when their financial assets and intellectual property are not protected and secured.
A proactive approach to cyber security
Set policies and procedures and conduct security awareness training for your staff, so that each employee is taking the necessary measures to protect not only their own data, but work-related data.
Mobile devices need to prevent unauthorised access in case they are lost or misplaced. Installing encryption protection on devices, locking a device using a PIN or password after a short period of inactivity and having the ability to back up and wipe data on a device if the device is lost or stolen are some of the ways to secure your device. Losing work-related data on a device can be costly and time-consuming.
Implementing an integrated IT security solutions and services program for your small business provides the convenience of having full-time security expertise without the need to hire internal IT staff.
*2011 SMB Security Market Overview – AMI-Partners