Small businesses could be forgiven for being blasé about information security. Many simply assume that the data they hold isn’t the sort of thing hackers are looking for. But many small businesses work with much larger businesses, and this attitude makes SMEs prime targets for attack.
Hackers will always aim for the weakest link in the chain. In many cases, it’s not your systems that will let you down. Even the best firewall can’t protect your network if your users are leaving the back door open, even if they do it unwittingly, and without malice.
While a small number of employees seek to wreak havoc when they are dismissed from a position, many create security problems without realising they’ve done so. Simply logging on to the wrong network can cause myriad issues. In an age of remote working and international travel, free WiFi is the commodity most mobile workers want, yet it’s one of the most dangerous too.
A WiFi network with a simple password is often a convenient way to log on to a bank, or quickly check email. But man-in-the-middle attacks are possible, and users may transmit login details over unsecured connections. According to an Intel Security survey, 38% of respondents were happy to use unsecured WiFi on holiday, while half didn’t know how to protect themselves while using those networks. There’s also a risk that a ‘fake’ network springs up, serving cloned, insecure versions of the pages you request.
The same problem arises under Bring Your Own Device (BYOD) programs; if a phone is left unattended in a public place, it’s an instant risk. Badly managed devices and the use of questionable websites can amplify the risk. Many BYOD policies seek to prevent this kind of usage, but it only takes seconds for a screen lock to be compromised. And if the user is sharing work documents over non-authorised cloud services, one slip could cause those documents to be made public.
Policies and Prevention
As remote working increases, there’s a real need to educate people and put policies in place. Strong passwords need to be enforced, and service desk staff need to proactively monitor usage. Any logins from unusual destinations must be immediately flagged up and investigated.
The use of non-authorised cloud services should be prohibited on BYOD devices, since the business is cut out of the management process. Additionally, users can be schooled on ways to create memorable, but unique, passwords, minimising the chance that one password could be used for every network or service.
Schooling Users on Security
When you’re used to typing dozens of passwords during your working week, it’s easy to become complacent. Likewise, public WiFi can be a welcome boost, particularly when travelling overseas, and many people simply don’t realise how risky these networks can be.
But when the user returns home with malware, or they inadvertently leave an unlocked device on the train, the business can face everything from data theft to penalties for data protection breaches.
We’re all used to being relatively autonomous when it comes to using IT at work. But even the best encryption and most robust firewall can’t defend against poor practice. The best way to mitigate this considerable risk is to ensure your users understand what’s at stake.