Smartphones, tablets, laptops and other mobile devices are making it easier than ever for employees to be productive. But as their use grows. The threats to your data security also grows. Security breaches to mobile devices cost Small Businesses more than $200,000 on average, according to CNBC. Severe Cyberattacks can even drive a company out of business.
Security experts and Law enforcement sources all state that small businesses are now victims of at least half of all cybersecurity breaches. According to The Cybersecurity Breaches of UK businesses and charities. Almost half of businesses (46%) and a quarter of charities (26%) report having cybersecurity breaches or attacks in the last 12 months. And only about 30 percent of smaller companies have any type of employee training program in place to guard against and recover from breaches.
But not only the management, even staff and employees are unaware of the threats. More than 70 percent of employees leave their devices unsecured. Almost 35 percent of the participants in a survey said that cybersecurity is an average priority on their list. And in the same survey, only 10 percent surveyed confidently agreed that they are knowledgeable about advanced cybersecurity breaches. While 80 percent stated that they are only somewhat knowledgeable about the topic.
43% of all data breaches involve small and medium-sized businesses. And two thirds of Small Businesses have suffered a cyberattack in the past 2 year.
So much for the idea that small business are Under the Radar.
Attack campaigns have become so prevalent that if you didn't experience a cyberattack, count yourself lucky. According to Keeper Security and The Ponemon Institute, you are in the 33% minority. But do not count on beating the odds two years in a row. Especially since 7 out of 10 Businesses reported the attacks they are seeing are becoming more targeted, damaging, and sophisticated.
Wonder how Small Businesses are being breached? According to the Verizon Data Breach Investigations Report, the answer is almost always via email. Attackers use email as a direct line to the most vulnerable part of any business.
The End User - or your Employees.
The truth is, use of the word sophisticated in describing hacks and attacks to the public has been anything but truthful
Hackers no longer need to utilize sophisticated Exploits, Hacks and Bypasses when you can count on users being human and click on those links in emails.
Malicious emails are no longer easily recognizable spam messages of the old days. They are often the simplest disguised messages. According to the Symantec Internet Security Threat Report (ISTR)
The most common malicious email disguises are:
Bills - Invoices (16%)
Email delivery failure notice (14%)
Package delivery (3%)
Legal - Law Enforcement Message (2%)
Scanned document (1%).
In the vast majority of cases, malicious emails rely on tricking users into opening attachments with in emails. The most popular attachment type are Office files, which typically will not be blocked by email filters. According to the ISTR almost 50% of malicious email attachments are Office files.
Tips to Help Safeguard your Devices.
All employees should use Strong Passwords on all their devices. Which should have settings set up to be entered each time the phone is turned on or after a period of inactivity. Staff members Should log out of apps when not using that can access sensitive information.
The Small Businesses should require employees to use encryption for email and any other communication. Most all mobile devices include an encryption feature that can be turned on through the device’s “Options” or “Settings” menu or by following the manufacturer’s instructions.
The Small Businesses IT staff or consultant could set up a Virtual Private Network. This would provide a secure connection to transmit data. Once set up, you should require all employees to use it when accessing resources on the companies WI-FI network.
Bring Your Own Device Many employees use their personal devices at work. The company should implement a policy with guidance on how these devices should be used during working hours. For example, allowing the use of specific navigation apps while prohibiting visits to certain websites, such as those that contain Flash and Flash cookies. Any website that asks you to upgrade anything. Do Not. Let your employees know it is the job of the IT people to do upgrades.
Along with the BYOD policy, you could emphasize the importance of password protecting their phones, recording their device serial numbers and simply keeping an eye on them, especially when they are used outside of work.
The employees should learn how to lock and wipe data from their devices remotely. This can keep sensitive information from being accessed if the devices are lost or stolen
We have more information about locking and wiping data here
With Google, Find, lock, or erase a lost Android device
Motorola Mobile Erase your personal data
Apples iPhone: How to erase your iPhone, iPad, or iPod touch
MDM This type of system would allow managers to monitor the devices when the sales staff is on the road. It would also provide a central point for remotely locking and wiping devices, should one go missing.
You heard it before, and you will hear it again. Managers could advise employees to be sure their devices are set to check for security updates automatically. This can help provide protection for data outside the company's firewall.
To protect your sensitive product information and customer files. You should be using a backup service or device, such as an external hard drive. Some mobile devices will include backup capabilities for storing messages, contacts, and other data to a secure location.
It might not surprise you that security breaches do hurt small businesses the most. Cyberattacks often target small businesses. It is estimated that more than 50 percent of hacked small businesses go out of business with in six months. These numbers are probably wrong, since the number of people not familiar about cybersecurity is very high. People still consider traditional security measures like anti-viruses and firewalls completely efficient.
If we helped even one business with this growing problem.
The time spent in researching and writing this article is more than worth it.
The RSH Web Editorial Staff.
Tweet Share Pin Email.