Chief Security Evangelist at ESET shares tips of how to safeguard company data from the common threats organizations face
Most small- to medium-sized businesses (SMBs) in Canada and are still operating on a hybrid format, a and a major part of the business model that could be lacking but is a very important subject, often overlooked, is cybersecurity.
In the digital age, there is a high price on personal data, and with the personal information SMBs have collected from their employees and customers — simply through email chains alone — employers have a responsibility to keep that information safe from data breaches.
Furthermore, according to new data from a recent survey conducted by ESET, a global leader in cybersecurity, 74 per cent of SMBs in North America and Europe believe that they are more vulnerable to cyberattacks than bigger corporations. While these decision makers are concerned about the possible implications of an attack – most notably loss of data, financial impacts and loss of customer confidence and trust – seven out of every 10 of businesses surveyed admitted that their investment in cybersecurity has not kept pace with recent changes to their operational models (i.e., hybrid working).
The survey also identified the top three challenges identified by SMBs in North America are an inability to keep up with the latest cybersecurity threats, keeping up with the latest cybersecurity approaches and technologies and budget limitations/lack of investment in cybersecurity
With that, SMBS are at a point where they can no longer afford to ignore cybersecurity, and they should consider the following steps to protect their data, and that of their customers.
Perform a risk analysis.
There is often a disconnect when teams are not fully aware of the threats their organizations face from cybercriminals. Any organization that is serious about cybersecurity should perform a risk analysis to determine what digital assets are at risk and the level of risk they face. If a business is not aware that criminals can sell its customer and employee data for a good price on the black markets with little chance of arrest or make money by renting out its hijacked servers for use in malicious activities, then that company is probably under-estimating its cyber risks.
Educate employees on cybersecurity.
Unfortunately, SMBs are not very familiar with the techniques used in ransomware attacks or how adversaries use social engineering, even though these are hot topics in cybersecurity right now. Given how important SMBs are to the local, national and international economies, the implications of a hack are serious —many of them would be unable to function for more than a few days without access to their data, and some would have to cease functioning immediately. A very encouraging 88 per cent of employees place a strong emphasis on “training on your company’s IT security procedures.” Yet much work remains to be done.
Have a system in place for backing up company files.
Until you’re hit with ransomware or suspect insider malicious activity, it’s hard to realize just how important effective backups are. Some software suites even give you the ability to replay file deletion, copy or exfiltration for some extended period of time, in case one of your employees or contractors steals information. Companies don’t need vast enterprise-level offerings; they can start simple and grow over time if need be. The main thing is having something and to ensure that some element is offline, out of the reach of cyberattackers.
Have endpoint Security and anti-virus installed on all devices.
This is the most basic security measure a company can take to protect employee and customer data, and most employees would agree. This is also a method of making employees feel safe with their client’s information, and their own, for what is usually an inexpensive solution.
Multi-factor authentication.
Whether using hardware tokens, credential management software or an authentication app, this is a low cost extremely effective solution, and anyone can do it. USB security devices, for example, are less than $50 and are very good these days. Same with software that provides similar functionality; it doesn’t cost that much and will harden your organization significantly. The software is easy to understand – you won’t need a postgraduate degree in cryptography to push a few buttons to make it work.
With clear evidence that the risk of cyberattack increases with revenue growth, there is a definite need for SMBs to keep improving their awareness of threats and their ability to deflect them. And there is plenty of room to better align cyber policy, procedure, and product selection with the full range threats, because the threats are unlikely to diminish any time soon.
Keep testing
Once you’ve been through the previous steps, don’t let your guard down. You need to reevaluate your processes at least once a year or more often during periods of crisis. Make sure that your employees maintain compliance with your guidelines, all your software is up-to-date to stay safe from known vulnerabilities, and to disable or remove the accounts and access of employees who have left the company.
