When it comes to the cybersecurity posture and architecture of your organization, there’s no fixed recipe for success. With the landscape in constant flux and new vulnerabilities being discovered daily (head over to Cisco Talos for the latest reports), securing your business and protecting all your valuable data could seem daunting. In fact, with the current global remote work situation forcing businesses to rethink the future of work, the cyber threats are all the more heightened.
Although the end of 2019 presented promising predictions for SMBs on their digitalization journey in the new year with projected growth in ICT spending of 5.4%, this estimate has since been more than halved a mere quarter later, according to a global study on the Coronavirus Impact on SMB IT Demand by Analysys Mason. In these uncertain times, the bleak economic outlook naturally entails changes in priorities and often, reductions in investments. However, it is promising to note that security remains one of the top priorities for SMBs alongside collaboration, e-commerce and customer-facing-app development according to the same study. With more dependence on digital solutions including collaboration tools and remote working platforms, it is important to ensure that cybersecurity posture remains robust no matter the extenuating circumstances.
Of course, while this is ideal, not all SMBs are well-equipped with the financial resources – especially not now. But that doesn’t mean waiting like a sitting duck for the inevitable to happen (though note – it is better to think when, not if when it comes to cyberattacks). In fact, we often find that simple steps can make a big difference to how robust a business’ cyber measures are – regardless of its size.
So, what can SMBs do to navigate the murky depths of securing their networks, endpoints and infrastructure? Read through our checklist and see how many boxes you tick.
1. Education is Key
You could have the most fool-proof cybersecurity posture in the world, but all it takes is for one unsuspecting employee to click on a suspicious link or download a questionable file for all of those measures to be compromised. A chain is only as strong as its weakest link, just as your SMB’s cybersecurity is only as robust as its least informed team member.
Nowadays, there are many associations that organize basic and often free cybersecurity classes or cyber hygiene workshops that aim to inculcate attendees with the knowledge to identify and tackle common hacker tactics – such as the telltale signs of a spear phishing email, the importance of a good password (let’s face it, we know ‘password’ is still one of the most common log-ins) or what to do in case of a ransomware attack. Ensure your whole team is trained to question and critically analyze IT activity – not just your office or IT manager.
2. Access Control
With today’s new reality where majority of workforces are working remotely, it can get a bit tricky to keep track of who’s connecting to your network, and more importantly – what they’re accessing, uploading and downloading. As employees move beyond company-issued laptops and use their own mobile phones, personal computers and tablets, the number of devices accessing your network has increased exponentially – providing nefarious cyber-criminals with even more entry points.
Having a solution in place that gives a few set administrators and decision makers visibility and oversight into what devices access the network will go a long way towards keeping your data safe. Solutions can enforce rules and policies that restrict access to certain sensitive segments of the network, and also prevent users from accessing unsecured websites or downloading suspicious files.
I’m sure all of us have been guilty at one point or another of ignoring the pop-up that reminds us a ‘software update is available’, perpetually postponing it until we end up forgetting about it altogether. However, if we look at a number of recent hacks including COVID-19-themed campaigns claiming to have hard-to-get emergency supplies or the likes of Ransomware and WannaCry, they remind us that hackers can easily and quickly exploit a vulnerability in software that hasn’t been patched.
Many SMBs are entirely dependent on software suites, so patching should never be treated as optional. Instead, updates should be set to auto-download at regular intervals, without being able to be overridden to ensure there’s no ‘easy in’ for cybercriminals to exploit. This goes the same for all personal devices as well – always ensure that your devices are up to date with the latest software updates to stay protected.
I think we’d all safely agree that a business’ data – from customer details to behavioral insights, or simply saved documents – is one of the most valuable assets an organization has. So losing even a single byte of that data could land your SMB in big trouble – whether that’s in terms of your reputation, especially given the introduction of new laws like the General Data Protection Regulation (GDPR) in Europe, or financial losses caused by downtime.
Back-ups ensure that you always have a point from which to restore your data should you need disaster recovery. For example, in the case of ransomware, where files are typically deleted if ransoms are not paid, having a secure backup of your database minimizes disruption to ongoing business activities.
5. Picking the Right Cybersecurity Partner
There are numerous cybersecurity firms in the market – ranging from legacy companies with rich histories to aspiring startups that run with cutting edge technology – all who claim to be “market leaders” or “best in class”. While there might be a sliver of truth to those claims, organizations should first and foremost ask themselves what is it that they absolutely need to protect.
Consider, for example, a startup with remote employees using their own devices to connect to the shared cloud – in this situation, the business may be better off looking at solutions that offer comprehensive endpoint protection. Meanwhile, an SMB with an IT department of one might gain more from using a solution that automates granular tasks like monitoring traffic. One easy way to simplify your SMB’s security needs is to ensure that you are protected across 3Ws – workforce, workplace and workloads. At the end of the day, it boils down to the needs of the business and ensuring that the solutions an SMB invests in listen and respond as a coordinated unit as opposed to picking individual products that are rife with incompatibility.
Want to see whether Cisco could be the partner for you? Get in touch with our cybersecurity team today to discuss your challenges.