Getting security right means starting with employee devices, argues Nick Offin, Head of Sales, Marketing & Operations at Dynabook Northern Europe
Just because the cyber-attacks and security breaches that make the headlines tend to involve larger enterprises doesn’t mean cyber criminals aren’t targeting small to medium-sized businesses (SMBs) as well. In fact, recent research1 from Ponemon Institute indicates that as many as two thirds of SMBs worldwide have experienced a cyber attack in the last 12 months.
With such attacks growing in number and sophistication and ICO (Information Commissioner’s Office) fines for data breaches reaching a level that could put smaller enterprises out of business, it has never been more important for SMBs to have the right cyber security strategy in place.
As part of a multi-pronged approach to the protection of company and employee data and assets it is essential to put employee devices with advanced security features at the very heart of a business’ cybersecurity strategy, along with a commitment to employee education.
Secure devices for SMBs anywhere, anytime
The world is currently going through a ‘remote working’ revolution, with more and more SMBs foregoing traditional offices and allowing employees to work from home, from a shared office, from a coffee shop or from public transport instead. According to IDC, as many as 60% of SMEs globally expect to have mobile worker support in place by the end of 2021.
While mobile working with remote system access through BYOD devices provides great benefits to smaller businesses that may not have the budget for permanent physical office space, it does unlock potential new threat vectors and present new challenges in relation to device management. It effectively makes employees a business’s first line of defence against cyber-attacks.
For this reason, it’s important that the tools workers use daily are robust enough to protect against potential cyber risks. In the case of laptops, this could include advanced biometric features and hardware-based credential storage capabilities to prevent password or access hacking.
Other security features, such as zero client solutions, go beyond this and help nullify data-related threats by extracting sensitive data from the device itself. With information stored on a central, cloud-based system, these tools prevent unauthorised access to information if a device is lost or stolen.
As 48% of SMEs access more than half of their business-critical applications from mobile devices1, these solutions are particularly useful for mobile workers who want to gain access to data remotely.
Training is vital for SMBs
Smaller businesses also need to consider employee training as, according to some estimates, as many as 90% of data breaches are caused by human error. Passwords are easy pickings for today’s cybercriminals and, with many of today’s most common cyber-attacks such as phishing and malware being socially engineered to exploit human weakness, sometimes all it takes is one click on a fraudulent link to compromise business data.
Despite this threat, research conducted by ConnectWise shows that only 43% of SMEs have attempted to educate all their employees in cyber security. With smaller businesses remaining a prime target for cyberattacks, it’s now more important than ever to teach staff about security threats and best practices for handling sensitive information, especially as more of them are likely to work remotely at least some of the time.
This training should include insight into a business’s security setup, an explanation of why and how certain security solutions are being used and emphasise the responsibility that employees themselves have for following good cybersecurity practices.
SMBs need to implement a multilayer approach Another consideration that smaller businesses will need to factor in is that the current network infrastructure has not been built with today’s security in mind. This puts the onus on SMEs to go the extra mile and implement measures that protect at the network level as well, using a multi-layer approach that integrates both hardware and software.
In particular, secure-core PCs (see previous page) enable staff members to shield their devices from firmware vulnerabilities, protect the operating system from cyber-threats and prevent unauthorised access to devices and data through advanced access controls and authentication systems.
An in-built BIOS (basic input/ output system) adds a further layer of protection, removing the risk of potential third-party interference, while smart data encryption features safeguard every area of a device’s hard drive, including all system files. Even if the HDD is removed, data will remain encrypted.
Big businesses may dominate the news when it comes to cyber-attacks, but SMEs are far from safe. It is essential that they develop a cybersecurity strategy that includes employee education and device-level security so that employees have the tools to mitigate security threats at a hardware and a software level and the awareness to eliminate risky behaviour. SMBs that aren’t putting employee devices front and centre or investing in training may find themselves next on the cyber-attack list.
1 2019 Global State of Cybersecurity in Small and Medium-Sized Businesses , Ponemon Institute, Keeper Security, 2019