Hemayun Bazaz (pictured), Regional Manager – Channel Sales, Middle East and Turkey at Aruba (a Hewlett Packard Enterprise company) looks at the very real cyber threat to small and medium sized businesses – SME’s
THE THREAT to SMEs comes from the wider trend for cyber criminals to target the individual, as well as the enterprise. With the consumerisation of IT and BYOD, workers carry a great deal of sensitive data on their smartphones that is exchanged back with their company servers. This makes single devices a potential gateway to a wealth of company and private data. If employees are working remotely, for example from a café using guest Wi-Fi, that can also add a layer of vulnerability unless the correct security policies have been applied to the user and device based upon their location.
Typically, the SME market lacks the in-house IT expertise that is required to monitor and secure the network at the individual device level, meaning they may be viewed as an easier target by cyber criminals, as recent attacks have suggested.
Key cyber threats facing SME’s
Most employees believe IT has their back so the weakest link are many times employees themselves. Our recent research has shown that, in order to get the job done, 6 in 10 workers are sharing their personal device with colleagues. In the fast-moving world of SMEs, we see a good deal of entrepreneurial spirit, lots of sharing of information and a fairly minimal focus on company security policies. This has an impact – a third of workers admit to losing company data through misusing a mobile device.
The answer is not to restrict employees sharing data or connecting using mobile devices. It’s about providing a secure infrastructure for them to work in. Even for a small firm of just two employees, formalizing an approach to information security is crucial. Such a policy should cover roles, devices, locations and other contextual attributes, securing corporate information and systems without impacting usability and employee productivity.
In the past, SMEs have lacked this kind of expertise in house, but through growing partner networks that offer service models via the Cloud, they are now able to access expert consultancy and infrastructure without paying the premium price.
Best ways SMEs can protect themselves from malicious cyber-attacks
SME leaders need to nurture creativity and a degree of risk taking in order to get the best from their workforce, while at the same time recognising that attacks will happen and to have a contingency plan for this. Inevitably, this puts a lot of pressure on IT to take an adaptive trust approach to device connectivity and data security.
It starts with identifying individual worker preferences in order to build secure infrastructures around them. Employee training comes next, and this should not only include a needs-assessment by employee type, but should also educate employees on why such actions are important and how they can assist in improving company security.
Finally, there must be a mechanism for employees to provide feedback to IT and a service level agreement should be in place for how to respond to employee input and requests. Often IT is able to improve the effectiveness of workflows and policies simply by listening to employee feedback.
How SME’s adapt to the preferred behaviours of their workforce may be the make or break for long term growth. Embracing the need for openness, innovation, collaboration and some degree of risk is good – but only when an organisation can understand and plan for the security risks these behaviours bring with them.