Things to build SMB security upon

The global workforce is increasingly going mobile: 37% currently, up to 50% by 2020. There are more actively used mobile devices in any more or less developed country than there are adult citizens, so clearly “mobility” is something related to us all.

We’ve written before (quite a few times) that while security may be intimidating for SMBs, it actually a) is rather easy  i.e. things to start with; b) isn’t so scary, expensive, incomprehensible, or demanding – even for businesses in their infancy which may not have the resources to hire an IT security professional.

For starters, just remember…

Your business is a potential target of cyberthreats. That doesn’t mean you will be attacked tomorrow or even in a week. But you shouldn’t wait to be targeted before taking action. There are startling statistics available. They’re not there to frighten you, but to serve as proof, that the smarter approach is to assume a cyber-hiccup is in the making for everyone, and you should be ready for it.

…Then start asking the questions

The first step towards security is to ask questions – namely, IT security questions. Such as “Where is my data?,” “What Should I do to protect the data?,” and “How do I make sure my data stays safe?” We wrote about these questions just two months ago – take a look.

If these questions have appropriate answers, the situation starts to look manageable – once you have comprehension of the problem, it’s no longer intimidating.

A good way to ensure that your data (and, hence, your business) is safe is to use a multi-layered, integrated security solution, tailored specifically for smaller-sized businesses, and that does not require gargantuan efforts and the expertise of a seasoned IT worker to be managed. And it shouldn’t cost as much as a full-scale enterprise solution – which is of little use to SMBs.

Take a look at this presentation about the steps to protect businesses.

Kaspersky Small Office Security fits to all of these criteria. Its trial version can be downloaded here.

Mobilize the protection of mobile force

The global workforce is increasingly going mobile – 37% currently, up to 50% by 2020. As a matter of fact, there are more actively used mobile devices in any more or less developed country than there are adult citizens, so clearly “mobility” is something related to us all.

And it’s safe to assume that a large portion of today’s workers use mobile devices not only for calls and amusement, but also for business needs – storing sensitive information is included.

At the same time, bad guys are aware that sensitive information may contain enticing bits of data like passwords to personal or company accounts, or other data that would allow them access to money – and what else would a criminal want? Everything they do is about extracting money from others, and nearly all of the malware the IT underworld writes is about squeezing important data and funds from wherever they can. Mobile devices are under extreme pressure today, because there is a gap between perception and reality: mobile devices must be protected as much as PCs and other infrastructure, but it’s not always the case. Take a look at our recent post about mobile threats and the users’ perception of the matter.

“Encrypt? Why?”

Encryption is a sensitive topic; as much as it is the best way to ensure that the important data is safeguarded, it may seem like overkill for some and a danger for others. What if you forget the password to the encrypted data?

Then there is an encrypting ransomware that goes on to “safeguard” your own data from you unless you pay the cybercriminal hiding out there in the Tor. While it is a far-fetched scenario, occasionally people may perceive the encryption as a double-edged sword.

But aside from cryptolockers, encryption is a great tool, and for businesses processing e-payments using it is a legal requirement.

What happens without encryption? Well, remember the Sony Megahacks: in both cases the confidential data had been stored in plain-text (plain wrong) form. And that cost them.

May the awareness be with you

Up to 31% of all cyberattacks are directed at businesses with less than 250 employees, statistics say. Criminals are aware that SMBs often don’t expect cyberattacks to happen to them (because they are small) and that they will skimp on their security – at least until lightning strikes.

In stormy areas people set up lightning rods. In arid locations they store the water and sand in case of sudden fire. Seismically reinforced buildings are erected where earthquakes are common. In the cities where land-floods occur, the first-level windows are more elevated above the ground than elsewhere. The Web today is indeed stormy, and cyberattacks may be surprising, but are never totally unexpected – just like a lightning bolt during a thunderstorm. Attacks happen, but they shouldn’t be successful, and they won’t be if the countermeasures are taken ahead of time.