The rapid transition to making our workforces remote in response to the COVID-19 pandemic has created an increase in security concerns for businesses. Many IT departments and cybersecurity resources are overstretched from the shift as they scramble to update networks to handle the spikes in remote access users and IT support tickets.
Small or medium sized businesses (SMBs) make for attractive targets for hackers and other cybercriminals because of the perception that they are less digitally prepared and security conscious than larger companies. Further, each remote access user can be an entry point into a business’s network – a concept security professionals refer to as an “expanded attack surface”. Indeed, business has been brisk for cybercriminals during the pandemic with organizations seeing 400% increase in in attacks.
However, recent data from Cisco’s annual “Big Security in a Small Business World” report shows that many SMBs are well adept at warding off hackers. When measuring security practices and response to the transition to a remote workforce SMBs closely mirrored the large corporations. The report is based on a survey of almost 500 SMBs from around the globe that have 250-499 employees.
Leveraging these insights, here are some of the leading industry best practices that should be incorporated into your company’s security approach while navigating the ever-evolving remote work environment.
1. Transparency with Customer Data Usage
There have been far too many scary headlines of data breaches within companies of all sizes that has created a level of distrust in the security competency of these organizations. As a result, more customers are actively seeking out information about how their information is being used and want transparency from organizations on exactly what details are being collected, how that information is used and who it’s being shared with.
Transparency in how customer data is used builds stronger trust with customers, and customers have a similar level of interest no matter the organizations size. The report found the 74% of SMBs received inquiries from customers on how they’re handling data compared with 77% of larger organizations. Additionally, 59% of SMBs disclosed their most significant data breach in the past year compared with 62% of larger organizations. As the way we conduct work and business continues to transition due to the pandemic it’s important to continue transparency with customers to protect them and trust in your organization during this more vulnerable time.
2. Preventing Downtime
As we continue social distancing and physical stores remain closed or have a more limited capacity, businesses will engage many of their customers online. Attacks or issues that cause downtime result in lost business from customers getting frustrated that they can’t view items in a timely manner or complete the processing of their order.
The report found that 24% of SMBs in the past year experienced downtime last over eight hours caused by a security breach compared to 31% of larger organizations. To help mitigate the issue your organization should start working to automate parts of the network to help monitor and alert to potential threats. Automation also helps free up IT teams to focus on more critical projects instead of having to perform manual tasks which can also be the source of network issues.
3. Testing Security
It’s a necessity for businesses to perform proactive searches for attacks to their environment that haven’t raised an alert to identify potential vulnerabilities. These threats may be quietly siphoning data or working their way through the network to find the proper credentials for accessing and stealing the most valuable information. Gartner recommends conducting a walkthrough with the response team to ensure everyone has the tools they need and knows their role in responding to threats with the change in operation environment.
Hackers believe that with IT overwhelmed they’re unable to actively search for new threats. They may prioritize attacking smaller businesses thinking that the smaller teams are occupied investigating alerts that they don’t have bandwidth to search for other threats. Cisco found that 72% of SMBs have employees dedicated to threat hunting compared with 76% of large organizations. Hackers are constantly adapting their techniques for breaching the network so it’s essential to conduct these hunts frequently instead of every few months.
4. Educating Staff
No organization is safe from attacks so it’s important to train staff on what attacks may look like and how to mitigate them to help mitigate risks. These attacks may target the company, individual employees or it may come through an employees’ personal accounts that they’re accessing on the company’s device or network.
Many SMBs are preparing staff with 84% making security awareness training mandatory, only slightly lower than 88% of larger organizations. Additionally, 86% of SMBs have clear metrics for access their security program’s effectiveness in comparison to 90% or large organizations. With the new risks that businesses are facing it’s essential to provide training updates and alert employees to the new practices they may need to implement when accessing or updating the network and to new threats as they arise.
The good news is that, contrary to perception, many SMBs are well-prepared to handle the onslaught of cybercriminals. The bad news is that that this isn’t slowing down the number and diversity of attacks that businesses have to worry about. Achieving effective cybersecurity at a business is not one person’s or even one department’s responsibility – it’s everyone’s. Through best practices such a transparency, hardened security infrastructure, continuing education and training, SMBs will be able to keep at least one step ahead of the bad guys.
Dhritiman Dasgupta aka “DD” is the Vice President of Product Marketing for Cisco Small Business Solutions. In this role, DD leads a team that is responsible for Cisco’s products, solutions and marketing strategies designed to increase mindshare and walletshare within the small business segment. @mandhriti