Over the npast couple of years, it feels like like we couldn’t go one week without hearing of another successful cyberattack on a high-profile business. Sony, Target, Home Depot and even the U.S. Postal Service counted themselves as just some of the many victims of hackers who made their way into corporate networks and made off with critical company data.
But what gets hidden behind all of the press devoted toward talking about enterprise cybersecurity breaches is the fact that every day, small businesses are subject to malicious attacks of the same nature as the ones on their larger counterparts. And in most cases, the consequences are just as dire – stolen customer and business data and even intellectual property theft.
Given the data-driven nature of commerce these days, even for small businesses, a proven track record of data security seems likely to become a big part of running a small business, especially considering that regulators and consumers alike are paying far more attention to these issues than they did even just a year ago.
New data protection regulations will affect small businesses
The seemingly never-ending streak of cyberattacks last year will likely pave the way for significant legislation surrounding consumer and business data protection and reporting standards, Business News Daily wrote.
One example of this is the proposed Personal Data Notification and Protection Act, which would require all businesses who experience a cyberbreach to notify their customers within 30 days about the possible loss of their personal information.
Going forward, small businesses will have to respond by familiarizing themselves with the new regulations and gain a clear understanding of the relationship between their IT infrastructure and their customers’ data.
A recent report from USA Today found that 60 percent of all cybercrime is directed toward small businesses. The news source looked at data from a study done by McAfee that found some disturbing results about the state of small business cybersecurity in light of the high-threat environment.
Hackers love small businesses
According to the National Cyber Security Alliance, hackers go for small businesses because they offer the path of least resistance. Small businesses rarely have the resources or the training to devote to cybersecurity that their enterprise-level competitors do, and this means that cybercriminals know where to go for a relatively quick and straightforward haul.
- Only 9 percent of small businesses have mobile security.
- 80 percent don’t use any data protection or encryption.
- Less than half have email security measures in place.
- Only half use Internet security.
“Today’s cybercriminals tend to focus on the easiest targets with the weakest security resources, such small Main Street businesses. They work diligently to steal precious customer and employee data and have the capacity to gain access to larger enterprises,” said Gary Davis, Chief Consumer Security Evangelist for Intel Security in an interview with USA Today.
“The trouble for small business IT teams is in creating a secure BYOD-enabled network without hampering the convenience and accessibility that makes a BYOD workplace worth adopting in the first place.”
The BYOD balancing act
Of the many emergent trends in the small business world, the bring your own device, or BYOD, workplace is one of the most pervasive. Businesses that adopt this model allow their employees to use their own personal devices to access key workflows and company data. This allows the employees to essentially create their own schedules, since the accessibility of cloud-based platforms and portability of mobile devices allows them to work from wherever they are, whenever they want.
Small businesses have seen clear benefits from the BYOD workplace – it gives them efficiency, agility and cost savings without sacrificing performance. Of course, the upside is there, but as one would imagine, there are some obvious security issues that come with it. One of the most common entry points for hackers is an unsecured device. Accordingly, research from the Ponemon Institute found that 89 percent of small to mid-sized businesses were concerned that their employees’ mobile devices and laptops were vulnerable to a cyberattack.
The trouble for small business IT teams is in creating a secure BYOD-enabled network without hampering the convenience and accessibility that makes a BYOD workplace worth adopting in the first place. Thus, we can likely expect small businesses to look to mostly non-invasive security measures like access control management systems that will allow them to control whose devices can access the network in the first place, as well as trace the source of an attack that stems from one of these devices. These systems will allow for easy access without the total vulnerability of an unsecured device.
The BYOD workplace seems as though it’s here to stay, so small businesses will have to accommodate this cultural and technological trend without compromising on security if they want to stay competitive and, more importantly, out of regulatory hot water.