With the close of the holiday season comes the anticipation of a new year ahead. While 2020 has undoubtedly brought significant challenges for SMBs, 2021 will likely be a continuation as organizations proceed with remote work and the cybersecurity risks that come along with it. With the lessons learned from the past year, how can organizations get prepared for what the new year will bring?
Expanding security within SMBs
With the proliferation of remote work has come the blurring of work and personal life. Employees are now using personal devices for work tasks, sharing home networks with the rest of the family and leveraging work tools to ease their personal activities, from video calls with friends and family to online shopping. In this new environment, employees can be targeted for their personal and company data. That’s why it is time to reimagine security from both the IT and the user/employee perspective.
From enhancing cybersecurity practices with the basics to implementing identification tools and security trainings, there are several steps SMBs can take to enhance their security in 2021 without breaking the bank:
- Going back to the basics. We usually forget about the basics; cybersecurity hygiene is paramount and the basis for building a broader security plan. Keeping software, firmware and anti-malware up to date, as well as ensuring backups, is the starting point. The next step is tracking which applications are in use and who has access to them, which helps minimize shadow IT – many threat actors target those unattended applications.
- Moving to a passwordless method. Passwords are the most common method of authentication and are entry points into your organizational data; however, they have become a hazard for the business. Users tend to reuse and/or create weak passwords across accounts, not only in their personal life. To mitigate the potential issues, single sign-on (SSO) can help simplify access for the user. It connects users to IT-mandated apps and systems without the need to remember passwords. For an SMB, this method can help secure most entry points, but it has to be combined with a password manager. This will ensure applications that aren’t mandated by IT, or those that can’t be authenticated through SSO, can also be accessed easily and secured, helping users manage and create strong passwords for all their other online accounts.
- Authenticating users. Multi-factor authentication (MFA) adds further layers of security for the user while giving IT peace of mind that access is being provided to the correct people. There are several types of MFA, but the basis remains the same: it leverages different factors, which can be biometrics, text messages, email codes, or contextual data such as the IP address, in order to verify the identity of whoever is accessing an application or device.
- Security culture matters. You can have all the tools and technology in place to secure the company, but mentality plays an important role as well. A company will still be vulnerable if its employees do not understand their role in the company’s cybersecurity. Awareness trainings are a must. From identifying phishing emails or malicious links to utilizing the tools they are assigned, employees will be able to mitigate threats before they happen.
- Rely on a security partner. Managed service providers (MSPs) provide resources that many SMBs may lack. They act as an extension of the IT and security team and provide more capabilities that a small team may not have the time or expertise to manage. MSPs can help improve the security posture of the organization, minimize risks and support the cybersecurity program, allowing the IT/security team or leader to focus on other priorities of the organization.
As with every year, the security landscape will continue to shift in 2021. As many threat actors continue to come up with new ways to infiltrate individual and organizational data, SMBs need to be ready to face those threats, especially during times of increased online activity. From improving cyber hygiene to providing trainings and adequate tools and partners for the company, SMBs need to prioritize security to keep their assets safe during 2021 and beyond.
Gerald Beuchelt is the Chief Information Security Officer at LogMeIn. He is responsible for the company’s overall security, compliance, and technical privacy program. With more than 20 years of experience working in information security, he is a member of the Board of Directors and the IT Sector Chief for the Boston Chapter of Infragard. In his prior role, Gerald was the Chief Security Officer for Demandware, a Salesforce Company. He holds a Master of Science degree in theoretical physics.