Despite themes around tech and cyber security being some of the most popular content that we run in PCR, it’s surprising how many companies still fall short of the mark when it comes to properly securing their networks, devices, printers and more. And it’s not just the network and devices in the office anymore. As more and more employees work remotely – with the current climate being the perfect example of just how many can work from home – companies must think about their security needs outside of the office as well.
“In the past, most security breaches came via the network. Today, threats are increasingly coming in through endpoint devices such as smartphones and laptops,” explains Paul Lipman, CEO of BullGuard. “As a result, the model of centralised network protection isn’t working as efficiently as it did before BYOD became more frequent. This means business device security has gradually acquired new layers of security for endpoint protection.
“It’s important because companies are opening up data access from mobile devices to create better efficiencies and more responsive sales forces. This presents new complications as employees are working from home on their own and potentially with safeguards that aren’t strong enough.
“For instance, some connect to corporate networks via public Wi-Fi, which is inherently vulnerable. Research into SMB cybersecurity carried out by BullGuard in January this year revealed that one in five SMBs have no security on their endpoint at all,” reveals Lipman.
“Furthermore, one in five people take significant risks by failing to check if public Wi-Fi connections are legitimate rather than those set up by hackers. At the enterprise level at least, over the past few years we have seen a greater shift towards endpoint cybersecurity software which uses encryption and application controls to secure devices accessing the enterprise network. Encrypting data on endpoints helps protect against data leaks and loss. Application controls prevent endpoint users from downloading unauthorised applications that could create vulnerabilities or unload malware onto the network.
“This shift has been gathering pace over the last two years or so and is becoming mainstream as organisations begin to understand just how vulnerable they are to data loss via business devices. There has been a variety of technologies around for a long time designed to secure business devices, and their usage has largely been ad hoc, but today protecting business devices has gone from a trickle to a steady stream. However, it’s worth pointing out there are still substantial numbers of smaller companies that tend to think they don’t need this level of protection.”
Alan Hayward, marketing and sales manager at SEH Technology UK & Ireland, agrees that digital technologies are transforming the business world, with a growing number of organisations adopting IoT devices and moving their data to the cloud.
“Whilst it presents a range of opportunities, it also brings a number of challenges including the evolving security needs that come with expanding digitally. As an increasing number of applications, data and processes become digital, the more opportunities there are for cyber crime. Data is also extremely valuable in today’s business world, meaning the potential for damage due to a data breach or hack is at an all time high,” Hayward tells PCR.
“With increased potential points of entry, it is quickly becoming more difficult for cyber security professionals to keep up with all threats. This is especially the case for businesses that host their servers in the cloud, as it means their networks aren’t contained and require protections that restrict access. Digital technologies have also increased the speed at which software can be created or updated, often meaning that companies struggle to keep up with security processes. The ever increasing speed of change makes it easier for security vulnerabilities to slip through.”
With more remote office workers than ever, how has this affected the way businesses protect their networks, and their company devices?
Nick Offin, head of sales, marketing and operations at dynabook Northern Europe, tells PCR that, according to an IWG study, half of business professionals work remotely for at least half of the working week – whether that is working from home, at a client site, or commuting on public transport.
“Mobile working and remote system access through BYOD offer great benefits to both staff and employers, however, they open up new potential threat vectors and present new challenges in relation to data security device management,” says Offin.
“For businesses who encourage remote working, it’s all about data access control and encryption. In line with changes to the modern working environment and the growth in the number of cyber attacks on businesses, we’re seeing more employee devices equipped with the latest security hardware and software to provide robust protection against potential risks. Laptops which boast advanced biometric features and hardware-based credential storage capabilities offer a stronger defence mechanism against password or access hacking.
“However, today’s cybercriminals are increasingly sophisticated, and businesses need to help nullify data- related threats by withdrawing sensitive data from the device itself when it isn’t needed. Zero client solutions provide this extra layer of security. With information stored away on a central, cloud-based system, these solutions protect against unsolicited access to information if a device is lost or stolen. This is especially useful for mobile workers looking to access data outside of the office or on the move.
“Digital technologies have increased the speed at which software can be created or updated, often meaning that companies struggle to keep up with security processes”
Alan Hayward, SEH Technology
Offin points out that another thing to consider is employee training: “According to research, almost 90% of data breaches are caused by human error. For example, it’s well known that passwords are merely a speed bump for today’s sophisticated cyber criminals, and all it takes is for one wrong click on a fraudulent link or a laptop left on a train to compromise business or employee-sensitive data. “With this in mind, it’s now become fundamental for companies to educate their staff on the concepts of cybersecurity and how to handle sensitive information correctly, especially as mobile workforces are on the rise. Part of that training should include insight into the business’ security setup, why and how certain security solutions are deployed, and their own responsibility to carry out good cybersecurity practices.”
Advice for new businesses
BullGuard’s Lipman warns that smaller businesses simply don’t think they will be a target for hackers: “Enterprises have learned their lessons and understand the consequences can be serious, such as a negative impact on reputation and the bottom line. Cybersecurity at enterprises is now on the boardroom agenda, but for many small businesses it simply doesn’t register.
“You can look at volumes of research and study and they all point to increased cyberattacks aimed at smaller businesses. But even simple things like good password policies can elude them. And certainly, mobile business devices, and all endpoint devices, need sturdy protection. One device infected with ransomware can infect the entire network and all the devices on it, which in some cases can have a significant impact on a small business, even causing closure.”
His advice for new or growing companies when it comes to protecting their business devices and printers? “Don’t relegate cybersecurity to the bottom of the agenda”.
“It needs to be prioritised alongside operational plans, growth projections and revenue targets. If a company is compromised because of poor cybersecurity, growth and revenue targets may well turn to ash,” says Lipman.
“The first step is to have good cybersecurity on all business devices; security that can be managed centrally and simply via a cloud portal so that all devices can have updates applied at the same time, and can be monitored at the same time.
“Only printers connected to the internet can be hacked. And how often do you need to remotely print something? It’s better to simply disconnect your printer from the internet, in which case it will still be accessible through the local network, and only connect to the internet when you need to print remotely which for most is on very rare occasions.
You can also change the printer’s username and password if it uses login credentials. In fact, it’s important to never use default ID credentials for any device connected to the internet. Hackers can swiftly find default ID credentials for any device. And finally, turn off your printer when it’s not in use.”
“Mobile business devices, and all endpoint devices, need sturdy protection. One device infected with ransomware can infect the entire network and all the devices on it”
Paul Lipman, BullGuard
SEH Technology’s Hayward outlines how growing businesses are an “attractive target” for hackers: “Many new or growing businesses are not well prepared for the tricks that hackers use to extract data from their devices or to deal with the consequences of data breaches. These businesses can offer a more attractive target for hackers than larger companies, as they often don’t have as many resources to dedicate to security.
“The next step involves understanding what data the company has, where they are storing it, how they are using it and who can access it, in order to be aware of why a hacker might pursue it. New or growing companies should also remember to educate their employees on how to protect data and the newest fraud schemes. They should be encouraged to employ best practices such as not opening attachments or clicking suspicious links in unsolicited email messages.
He concludes: “When it comes to protecting data, new or growing companies can consider a multi-layered security approach. This means deploying many different levels of security to protect data, working across different technologies and applications.
“By working together, these security layers provide a better chance to prevent hackers gaining access to the network than just a single security solution. This may include, internet protection, email and file security or virus and malware protection.”
PCR’s 30 Under 30 list 2020: Nominate yourself or a colleague now! All details here.
Read the latest edition of PCR’s monthly magazine below: