• May 14, 2024
  • Category IT management

Human Factors Threaten SMB Cybersecurity Efforts

By: Sanjeev Spolia

Small and medium-sized businesses may be spending more on cybersecurity, but human factors still pose a significant threat.

A recent survey by password manager provider LastPass of more than 600 business and IT security leaders from companies with fewer than 3,000 employees found that although SMBs have become proactive with security investments, human factors continue to make them vulnerable to attacks by cybercriminals.

The LastPass survey found there was a gap between how SMB leaders were tackling cybersecurity and employee behaviours.

The good news is that SMB executives have increased their attention and investment when it comes to cybersecurity. The LastPass survey found that 90% of IT leaders and 80% of non-IT leaders reported an increased focus on cybersecurity measures over the past year, with 82% of businesses boosting their cybersecurity budgets.

The bad news is there’s a disconnect between executives and their employees. Most executives and IT leaders said they feel confident about their cybersecurity measures, with only 30% of leaders believing their company faces a high risk of cybersecurity threats.

However, among the rank and file, only 78% of non-IT leaders believe employees understand the security expectations of their jobs, the survey found. More troublesome is that 1 out of 5 non-IT leaders admits to circumventing security policies, while 1 in 10 IT security leaders admits to circumventing security policies.

The LastPass survey suggests that despite SMBs' increased investment in cybersecurity, their efforts are being undone by employee behavior. To get the most from their security budget, SMBs need to be mindful of the human factors that make the organization more vulnerable to an attack and subsequent data breach.

Small steps go a long way, and LastPass makes five key recommendations to encourage employee behavior that mitigates human factors that might put the organization at increased risk:

Ramp up cybersecurity education: SMBs should develop clear communication strategies and regular training sessions for all employees so they understand their role in maintaining robust cybersecurity, and every part of the organization must understand and commit to security policies.

Create incentives: SMBs should have stronger incentives for security compliance, balanced by stricter consequences for violations as well as policies for when it’s acceptable to bypass security measures to get work done. A culture of reporting violations must also be fostered.

Embrace threat intelligence: SMB leaders must be able to identify and protect valuable and critical business information and know where the threats are coming from by investing in a threat intelligence-led security program.

Mandate password managers: Password management requires critical attention, according to the survey, so password managers combined with continuous education on password security are essential.

Brace for AI threats: Phishing attacks, cloud vulnerabilities, and the potential for business data loss due to ransomware attacks or malware are getting help from AI, so it’s important to fight fire with fire and adopt AI-driven security tools that provide advanced threat detection and response capabilities.

Cybersecurity is a continuum, and SMBs can’t be complacent even with increased investment. Human factors must be continually addressed through education, policy, and technology adoption.

  • April 16, 2024
  • Category Data Protection

Top 5 SMB Cybersecurity Threats

By: Justin Folkerts

Small and medium-sized businesses (SMBs) are not much different than larger organizations when it comes to sensitive data or IT infrastructure, which makes them a popular target of cyberattacks.

Often, threat actors use the same methods to attack SMBs as they do enterprise organizations.

Viruses

Viruses and malware remain a popular tool for threat actors who want to hinder an organization’s IT infrastructure. Once a virus finds its way through one endpoint, such as a business workstation, it spreads through email messages or sharing of infected files across the network.

Ransomware

A ransomware attack involves a hacker taking control of computers and servers and then locking authorized users out. Access can only be regained by paying the hackers a ransom. Worse yet, control may not be given back even after the ransom is paid.

Phishing

Phishing attacks are a little subtler than viruses, malware, and ransomware in that they use social engineering techniques to trick users into sharing sensitive information, including credentials, financial information, and valuable intellectual property. Your employees are misled by professional-looking emails and slick websites that look like the real deal but were designed to deceive and collect sensitive data.

Distributed Denial of Service (DDoS) Attacks

The server that hosts a company’s website gets many requests from other computers that it responds to. Threat actors launch a DDoS attack by sending millions of fake requests, which overwhelm the server – all its focus and processing power goes to trying to respond to each of these phony requests, and it becomes unable to provide access to real users.

Your Own Employees

Unfortunately, your own people can present a threat to your cybersecurity, most often through human error. If an employee fails to practice adequate security hygiene, such as neglecting to properly protect their credentials by connecting remotely via a VPN, threat actors can weasel their way in and gain increasing levels of access to more sensitive areas of your network and key systems.

Sometimes breaches can be physical because someone accidentally leaves their device unattended while working on the road or leaves a door open to a server room. Worse yet is when a disgruntled employee decides to misuse their credentials for their own profit and steal intellectual property, customer data or financial information.

Assess, Protect and Respond

SMBs must mirror their larger counterparts if they want to avoid cyberattacks and be proactive. It’s critical that you assess your security posture, implement the capabilities to protect users, customers and data, and be prepared to respond to any threat to mitigate it and reduce the risk to your business operations and your reputation.

  • September 14, 2023
  • Category Security

SMBs Must Confront Cybersecurity Challenges Head On

By: Justin Folkerts

If you’re a small or medium-sized business (SMB), you’re a prime target for threat actors who want to poke holes in your cybersecurity.

While enterprises are valuable targets due to the wealth of data they transmit and store, today’s digital landscape means size doesn’t matter – every business is storing information that is worth stealing. However, SMBs face greater resource constraints, not only in terms of cybersecurity, but IT in general, even though they still handle plenty of sensitive customer data, including financial and health information, as well as valuable intellectual property.

If you’re an SMB, you probably work with bigger companies, which means you’re part of a supply chain. And while you think you’re too small to matter, you can be a vector for bad actors to attack your business partners.

Today’s cybersecurity landscape means SMBs must be aware of the common threats to their business, as well as understand how to contribute to a more secure supply chain.

What SMBs are up against

Viruses and malware remain the most common threats to your cybersecurity. Keep in mind it’s not only external threats that SMBs must be mindful of – your employees can help to open the door to threats through human error by opening a suspicious email, clicking on an attachment, or not taking more care to select unique, strong passwords.

Insiders may even intentionally compromise your cybersecurity by using their credentials to access data they shouldn’t. Even an honest mistake by an employee can open the door to sensitive information, leading to a breach or even a ransomware attack that cripples your operations and damages your reputation. Social engineering in the form of phishing attacks tricks employees into divulging information or allowing unauthorized access to applications and systems.

The most common approach threat actors use to disrupt business and cause SMBs downtime is the Distributed Denial of Service (DDoS) attack, which floods your web servers with fake requests so as to render them useless to everyone, including your employees and your customers.

As new technology emerges, cybercriminals find new opportunities. As SMBs move to the cloud, so do threat actors by “cloud jacking” – they target vulnerabilities in the cloud infrastructure. Hackers are also using the latest technologies to launch their attacks, such as networks of botnets to distribute spam and steal data. Advances in artificial intelligence and deepfake technology make it even easier for SMBs to be tricked by fake content that might cause an employee to share privileged information or their access credentials.

No matter the technique, a data breach can lead to a disruption of your business or downtime – both of which always lead to lost revenue.

Cybersecurity essentials

It’s easy for SMBs to get overwhelmed by today’s cybersecurity requirements, but you can better protect your business from the many threats lurking in the digital landscape.

  • Assess: You need to know where your vulnerabilities are, especially when it comes to remote work, which should be enabled by a Virtual Private Network (VPN).
  • Educate: Your employees play a key role in securing your organization through awareness training and good security hygiene, including the use of strong passwords, multi-factor authentication (MFA), and access management technologies.
  • Update and patch: Make sure you are using anti-virus software and keeping it updated, as well as applying any patches to applications and systems.
  • Secure your networks: Aside from VPNs, be sure to deploy robust firewall security along with intrusion detection systems and regular network monitoring.
  • Back up critical data: It’s not a question of if a disruption will occur, but when. Being able to restore data allows you to recover from an attack quickly and avoid downtime.

The most important thing to remember is that your cybersecurity posture is never assured – you must continue to run regular audits, as well as update incident response and disaster recovery plans.

Given the resource constraints commonly faced by SMBs, consider turning to a managed service provider with cybersecurity expertise. They can help you conduct an assessment and maintain a state of ongoing readiness that allows you to handle whatever threat comes your way.

  • December 28, 2022
  • Category SMBs

Technology trends for SMBs to watch in 2023

By: Sanjeev Spolia

The cloud has leveled the playing field for small and medium-sized businesses (SMBs), enabling them to scale up and compete with bigger players, but keeping on top of technology trends can be daunting and overwhelming.

Here’s what you should keep an eye on in 2023.

Security

We’ve already dived into what’s in store for cybersecurity in 2023, but we can’t overstate the importance of understanding the threats that are out there and growing, as well as the technologies at risk and those that can help you improve your security posture.

Remote work management

Tightly tied to security is your ability to manage remote workers. The hybrid workplace is likely here to stay, so you need to have solutions in place to support employees wherever they are, including best practices for onboarding them and closing off their access should they leave the organization.

Collaboration tools

No matter where your employees work, the ability to efficiently collaborate gives SMBs a competitive edge no matter your industry, and it helps to attract and retain talent. You must have a platform in place for management of files, chat, video meetings and communications to avoid employees getting siloed so they can be efficient, collaborative and engaged. Securely, of course.

Automation

SMBs who want to be nimble and keep pace with larger competitors must look at where they can automate – IT teams need to be able to focus on strategic initiatives such as digital transformation, not every minor aspect of onboarding and managing remote workers, including identity management. Having strong policies in place supported by automation will relieve pressure on IT staff and contribute to a better security posture.

Sustainability

Businesses of all sizes including SMBs will be under increased pressure to make sure they’re lowering their carbon footprint with more sustainable technology, whether it’s on-premises IT infrastructure or what they’re purchasing through suppliers, including their managed service provider, right down to the chips powering the servers. Reducing your carbon footprint is an opportunity to streamline the technology you’re running and the data you’re storing, so you’re not spending money using energy unnecessarily.

What won’t change in 2023 is that keeping up with technology trends can be daunting for SMBs, which is why you should consider working with a managed service provider to best understand how to adopt and adapt to optimize your operations and improve your bottom line.

  • November 7, 2019
  • Category Managed IT Services

IT strategies for SMBs should include a managed services provider

By: Sanjeev Spolia

IT strategies for SMBs are essential for organizations looking to scale up and grow their bottom line, but many face the same challenges as large enterprises without the resources.

There are ways to do what the bigger players are doing so you can grow your organization and your profits, but IT strategies for SMBs must have a vision, an understanding of the cloud solutions available to them, and consider how a managed services provider can get them where they need to be within their budget.

IT strategies for SMBs start with an audit

Not all businesses are the same, so IT strategies for SMBs will vary by industry and inherent regulatory frameworks, business models and overall digital maturity. Regardless, there will be low-hanging fruit that can advance the organization quickly and affordably, while other initiatives will be multi-year projects that must be broken down into achievable milestones.

Common goals within many IT strategies for SMBs are tapping into needed talent, which could involve recruitment and retention of employees or selective outsourcing to access skills on demand, improving agility by automating tasks or handing them over to a business process services organization. Given the ramifications of data breaches, bolstering security should also be a priority and embedded within all growth activities. It also might be achieved with automation—even artificial intelligence—or turning to a managed services provider for help. Most organizations are looking at how they can improve overall productivity.

IT strategies for SMBs should identify priorities based on a comprehensive audit of your environment, whether it’s your own on-premise infrastructure or cloud deployments, including use of the public providers. You can’t have a vision of the future without knowing for sure where you are today. This assessment is also something that can be done in collaboration with a managed services provider and can clarify your current security and compliance posture.  

There are solutions in the cloud

Your IT audit can help you easily identify what you can do by yourself and what elements of your strategy are better executed with the help of an experienced technology partner.

There are a number of solutions available with IT strategies for SMBs in mind. You might begin by implementing organization-wide, online collaboration with Microsoft Office 365 and Teams, or alternatively, go the Google route with Gmail for business and Docs. You’ll want to think about the value of consolidating solution providers, as simplicity for SMBs can keep costs under control and ease user adoption. Even if you go best-of-breed, most cloud-based SMB solutions are pay-as-you-go so you can budget expenditures as you grow.

No matter what solutions you adopt, remember they’re only as good as the workflows and processes you foster and the underlying infrastructure that supports them. In the case of the latter, it’s one of the first things you should consider handing off.

Leverage the investments of a managed services provider

As much as any SMB requires technology to operate and is just as driven by data as its larger counterparts, they’re not in the IT business. And just as cloud-based SMB solutions are pay as you go, managed IT services providers offer similar pricing flexibility and can scale up and down in alignment with the ebbs and flows of your business.

Once you’ve done an audit to understand where you are and where you’re going, you can figure out which problems are best solved by a managed services provider, even if it’s only one business process. One of the biggest benefits is that you no longer need to worry about maintaining aging infrastructure with the limited IT staff and resources you have. A managed services provider has made the investments and is committed to maintaining their infrastructure to support your applications and store your data with a high level of security.

This investment isn’t limited to hardware and software. Often, an SMB can’t justify bringing on talent full-time, such as a DBA, but a managed services provider can provide people on demand as needed so you don’t have to worry about recruitment and retention but still enjoy necessary expertise when you need it.

IT strategies for SMBs are all about a better bottom line

Embracing cloud solutions and entrusting data and business processes to a managed services provider are key elements of IT strategies for SMBs, even if it’s only for a small segment of daily operations. The right combination can improve productivity and the speed of your service delivery at a lower cost, and most of all, lead to a better bottom line.

Sanjeev Spolia is CEO of Supra ITS.