A new year brings new security challenges. To make things more difficult, the old challenges aren’t necessarily going away.
Security risks pose potentially significant problems for small and medium businesses not prepared for them. If you fail to address them, there’s a good chance your business never recovers.
Fortunately, it’s not all bad. The first step to prevention is knowledge on what you actually need to prevent. With that in mind, consider these 7 threats small businesses are and will be facing in 2019, along with tips on how you can prepare your own organization against each threat.
7) Shadow IT Systems
Shadow IT is not going away anytime soon. According to one November 2018 study, nine out of 10 employees don’t feel that IT should have final say over what applications they use. If what your organization provides isn’t enough, they branch out on their own. The result, too often, is systems not designed for the enterprise being used frequently by your individual teams.
The results could be devastating. A report by Cisco found that 27% of non-authorized apps used by employees across industries are consider ‘high risk’. Your teams want to get their work done, and they don’t care (or even know) if using their own software to do it compromises security. Even and especially for small businesses without the capability to implement restrictive policies, this can be a serious problem.
How to Address It: Integrate Important Systems
This one can be solved through collaboration. Instead of trying to play whack-a-mole with apps your employees use, ask them what systems they want and need to be successful. Then, work towards implementing these systems into your regular workflow. Productivity apps like Slack and cloud storage like Dropbox are among the most common offenders. So why not integrate them into your own computer network?
6) IoT and Voice Assistants
We’ve become used to connected devices in both our personal and professional lives. It might be the smart TV in the conference room, or the WiFi-enabled thermostat in the storefront. That’s without even mentioning the voice assistants in phones and standalone devices, set to an $11 billion market within the next five years.
The internet of things is convenient, and can enhance productivity when used right. It’s also dangerous. It provides a gateway to your local network, providing potentially damaging access to important data. According to one 2018 report, 61% of organizations have experienced at least some security threat through connected devices.
How to Address It: Integrate Devices Into Your Network
You can’t ignore them, and they might even be helping your productivity. So instead of abandoning them, integrate connected devices into your secure network. Even including them in your firewall protection can be a life saver. Another tip is even simpler: when the work day is done, unplug them. That way, you don’t expose yourself to unnecessary risk when nobody is there to monitor it.
5) Targeted and Loose Malware
Malware, short for malicious software, is among the oldest and most persistent security threats for businesses. It describes anything from common viruses that shut down systems to spyware that traces user actions and steals valuable data. Recently, INC.com revealed two types of malware slated to have a particularly significant impact on small business websites in 2019:
- Backdoors, simple ways into a business network that are difficult and sometimes impossible to trace. The first six months of 2018 alone saw a 140% increase in this type of attack.
- SEO Spam, leveraging Google’s algorithm against competitors. Recognizing that search engines punish link buying, black hat marketers have begun to buy links to a competitor to damage their search rankings.
Of course, malware can impact far more than just websites. But its impact on that specific aspect of small businesses, especially considering how crucial websites have become, is still worth mentioning.
How to Address It: A Secure and Updated Network
Cybercriminals don’t tend to stop or rest on their laurels. They continually devise new ways to attack small businesses. The only way to keep pace is to be just as active. A secure and updated network with current anti-virus systems and a comprehensive firewall is your best defense against these types of attacks.
4) Personal Devices
Not all cyber threats have malicious intent. It’s almost impossible to find a small or medium-sized business where employees do not bring their own devices. It might just be the occasional smartphone, used to check work emails. Or it might be a laptop used during a workday when the computer shuts down or you need a second screen.
One recent study found that more than 60% of employees now use their smartphone for work purposes. That number will only rise in the near future. Unfortunately, each new device not configured or overseen by IT represents a new security threat. Ignore it, and you can easily lose control over your data while providing easy access to your network.
How to Address It: A BYOD Policy
You won’t be able to prevent your team from bringing in their own devices. Done right, however, you can control it. A bring-your-own-device (BYOD) policy is a great start. It helps you set limits over what activities employees can and cannot complete on their personal devices.
3) Unlimited Server Access
Especially as your business grows, it’s easy to lose track over who has access to what in your network. Worse, most small businesses don’t restrict it at all. That makes sense when it’s just three of you just starting out. Once that number grows to 10, 20, or more, you probably want to keep some of that access in check.e
If you don’t, the consequences can be devastating. They’ll only get worse as your data load increases. The amount of data we use and store every day is mind boggling, and will only rise in 2019 thanks to opportunities like the above-mentioned internet of things. Without organization, you risk potentially unintended chaos of employees not being able to find what they need. Worse, what if they start digging around in information they have no business accessing?
How to Address It: Data Hierarchies and Security Roles
It starts with classifying your data. Sort your information into tiers, from most to least sensitive. Then, set security roles based on these tiers. Give each group of employees only the access they need to be successful. With hierarchies and security roles in place, you can secure your data without hampering productivity.
2) Weak or Single-Factor Passwords
We’re just three months into 2019, but already heading towards a tipping point. Almost 80% of the general population uses just one password for all online accounts. Almost one third have shared that password with two or more people. Here’s the problem: they probably use that same password for your company accounts, as well.
Weak passwords are a security risk that’s as obvious as it is significant. If someone looking for your data can simply gain access by guessing, your business is in trouble. Unfortunately, we probably won’t be able to change human forgetfulness and hunger for convenience, the two major reasons for this security issue. Another solution becomes necessary.
How to Address It: Education and Multi-Factor Identification
First, it’s education. The more your employees know about the dangers of weak passwords, the better. It cannot end there though. Businesses are starting to implement two-factor authentication, but 55% of users still report not leveraging that opportunity. A switch to requiring more information than just a weak password can help fix this problem before the issue threatens your business.
1) Employee Negligence
Finally, we end with an all-timer. Employee negligence and human error still ranks as the biggest reason why companies experience data breaches, accounting for almost 85% of all breaches. That leaked data the public doesn’t have to be due to an evil genius. It could just be an employee who sent the wrong email, stayed logged in while using the restroom at a local coffee store, and so on.
How to Address It: Training and Education
When that happens, the best security effort probably won’t help much. Instead, you need a more human-based approach. Train and educate your employees on basic security practices, like logging out when they’re not at their screen or restricting attachments to company emails. Plenty of free online resources can help you find the right topics and approaches to get through to your workforce.
Are You Ready to Prioritize Cybersecurity in 2019?
The ever-expanding possibilities of the internet are bringing with them new security threats. Small businesses who want to succeed have to make sure they’re aware of these threats, as well as how to address them. Some of them require basic training. Others need a more comprehensive, software-based approach.
Either way, implementation should be a long-term priority for any business directly or indirectly leveraging the internet. If you lack internal resources, you might need a partner. That’s where we come in. Applied Innovations specializes in the topic, and we’d love to chat about our opportunities to work together. Contact us to learn more about addressing the threats you might be facing, along with solutions for them.