It’s easy to think of cybercrime as an issue exclusive to bigger businesses where the databases are large and worth the effort to hack. In reality, no company is too small to catch the eye of an online attacker.
As the most recent edition of Verizon’s Mobile Security Index points out, much of today’s cybercrime is no more targeted than email spam, and small businesses are equally at risk of attack — but far less able to cope once it happens. Fortunately, while addressing a breach is expensive and complicated, you can significantly reduce your risk of suffering an attack by making just a few small changes to your mobile security practices and a relatively modest investment.
Small Businesses Are Targets
A data security breach at a large business is more likely to capture headlines, but many more small businesses face hacks, attacks and ransoms. The Verizon report shows that almost a third of small businesses (29 percent) experienced at least one mobile security breach in 2018 — nearly double the 15 percent from the year before.
As mobile devices have grown beyond a means of checking email and into a critical component of business processes, they have become broader and richer targets for exploitation.
Businesses of all sizes and industries recognize that mobile threats are real, with 88 percent believing that the risks associated with mobile devices are serious and growing.
Small Businesses Are Less Prepared
Businesses with fewer than 500 employees are the least likely to have formal processes in place to deal with ransomware or other data loss issues, and are often the last to know there is a problem. As many as 58 percent of small businesses didn’t realize they had suffered a breach until they were informed by a third party or law enforcement.
Even worse, small businesses face severe consequences. Among the businesses surveyed in the report, 66 percent suffered downtime immediately after an event, 32 percent said the necessary actions to recover from a cyberattack were “difficult and expensive,” 55 percent saw other devices compromised in the process, and 55 percent lost data. In some cases, the toll of all this distraction and cost can be enough to put an SMB out of business.
Most of the Threats and Causes Are Avoidable
Employee education around cybercrime is part of the answer, but it is very difficult to keep everyone aware of and vigilant against an ever-changing, increasingly sophisticated threat.
In the Verizon report, businesses of all sizes admit they can and should do more to protect themselves. Less than half of those report having any of the four basic protections in place: data encryption, security testing, access restrictions and the user requirement to change from default passwords.
A Few Things You Can Do for Free
Luckily, there are simple tools and practices, easily available to businesses of all sizes, that significantly reduce your mobile security risks. As part of the report, Verizon includes a framework for self-assessing your mobile security, much of which does not entail additional spending — but does require some attention and change to policy and process. Larger organizations have people or even departments assigned to manage these risks, educate employees and develop policy and process. These luxuries may be inaccessible to smaller businesses, but they aren’t required to move down the road toward improved mobile security.
- Do a self-assessment. Spend half a day reviewing your current mobile security risks and practices. You don’t have to figure this out on your own. Verizon’s Baseline, Better, Best model provides a simple set of guidelines that can help you better understand where you are and where your gaps are exposing you.
- Establish a Bring Your Own Device (BYOD) policy. Even if your employees use their own mobile devices for work, it’s imperative that you clearly state what your expectations are and why. Less than half of respondents (45 percent) in the Verizon survey had an Acceptable Use Policy in place. In an unmanaged BYOD environment, a wide range of devices will come through the door each day, many containing viruses and apps that are already compromised. These devices represent your most likely threats, and yet they are the easiest to eliminate through a policy that sets basic criteria for the devices that are allowed to access your corporate networks and data. Samsung offers a comprehensive BYOD policy guidebook and template that can set you on the right path.
- Remember that employee education never ends. According to the report, the two biggest causes of mobile-related compromises affecting small businesses were insecure Wi-Fi hotspots and individual user mistakes and errors. While you should start by educating your employees on the basics of cybersecurity, each time a cybercrime event makes the headlines, use it as an opportunity to refresh the conversation with your employees. Speak to the policies, procedures and technologies that help protect your business (and your employees’ jobs) from these threats. At the same time, remind them that their individual actions and daily choices are just as important as the policies you’ve put in place.
A Few Things You Can Do for a Modest Investment
Just as you lock your doors during the day and periodically check the batteries in your smoke alarms, a few small investments go a long way in securing your mobile environment and preparing for the increasingly likely event of a breach.
- Deploy Mobile Device Management (MDM). Even if you don’t think you need all the functions of Enterprise Mobility Management (EMM) or Unified Endpoint Management (UEM), you need to have MDM. MDM has become inexpensive, yet remains highly effective at securing mobile devices. Samsung Knox Manage is a cloud-based platform designed to take full advantage of the advanced APIs that Samsung makes available in their hardware. It’s straightforward, cost effective and complete, as it offers consistent management support for Samsung and other Android devices, as well as iOS, Windows 10 and Tizen. Knox Manage has the added benefits of being backed by a global organization with an extensive support network, promoting a robust experience that makes mobility secure and business-ready — and it’s available for a 30-day free trial.
- Provide Employees with Up-to-Date Devices. Issuing phones to your employees allows you to take full control of mobility, and may actually save you money in the long run, as you can more easily and effectively secure your mobile devices and protect your small business from a crippling cyberattack. It also saves time and costs while planning application rollouts, as you avoid the compatibility challenges associated with a mixed OS environment. A phone is an excellent perk for employees and doesn’t cost much more than providing a stipend.
Security Alert Fatigue Is a Problem for Everyone
With smart devices and computers sending alerts our way left and right, we’re often inclined to swipe them to the side without paying them any mind. It’s worse for people in positions where alerts are part of their job, such as nurses and security professionals, who both suffer from a very real problem referred to as Alert Fatigue. This is a version of the adage, “When everything is a priority, nothing is a priority.”
If you are responsible for a small business, it is important that you don’t let yourself literally swipe this problem away. A few small steps in upgrading your approach to mobile security can pay extraordinary dividends in allowing you to reap the benefits of mobile productivity — without suffering the increasing likelihood that inactivity will put you out of business forever.