Confidence in Confidentiality: 4 Ways to Cybersecure Your SME
The cyberattack into MINDEF’s personnel files demonstrates one thing: the competency and threat of hackers are on the rise. It is no wonder cyberattacks are listed as the 12th highest concern for doing business in 2017. Besides the loss of sensitive files, businesses can also incur costs from customers’ distrust due to stolen personal data. Widespread attacks on SMEs’ workplace technology can also be detrimental to the economy.
The importance of cybersecurity cannot be overstated and here are some ways to go about doing just that:
1. Responsibility Prevents Accidents
Unfortunately, there is a likelihood that employees will misplace their personal and company devices and this leaves the devices at risk of being accessed by unauthorized personnel. As such, employees need to be constantly reminded of their responsibilities in ensuring the care of office equipment, especially when taken out of the workplace.
When engaging external vendors for maintenance of office equipment, businesses need to ensure vendors are verified to prevent unauthorized access to data in the respective equipment. SMEs should also invest in surveillance equipment to deter unauthorized personnel from illegally accessing data from workstations. Such costs will be minimal compared to recovering from a data breach.
Proper disposal of digital information is also a key tool for SMEs against cyber breaches. A Channel NewsAsia documentary showed how easy it was for others to retrieve sensitive documents from supposedly formatted hard drives. Conventionally, physically destroying these devices with drills and hammers is the only safeguard SMEs have for safe disposal of hard drives. Canon imageRUNNER ADVANCE devices eliminate this threat completely with the revolutionary HDD Data Erase Kit installed on every device, now allowing administrators to overwrite and erase previous hard disk data as part of routine job processing.
2. Three’s Not A Crowd
Given that more than 80% of us reuse passwords and about 29% share password with others, the importance of using Multifactor Authentication (MFA) for corporate accounts is increasingly essential. Just ask Dropbox, whose employee’s LinkedIn password was stolen in an earlier hack and used to steal the credentials of more than 60 million Dropbox users in 2012.
MFA is especially pertinent for access to confidential documents. Besides the usual practice of using a memorized password, other credentials are required such as a code from a physical token or biometric measure. If need be, businesses can even require all three types of credentials for access to accounts or information. Employees will not be thrilled about the additional hassles but slowly introducing MFA as a business practice will hopefully ease their frustration.
3. “Amateurs Hack Systems, Professionals Hack People.”
Given the ever-evolving skills of hackers, taking measurements against illegal access to physical devices and implementation of MFA may not be enough. In fact, the best bet SMEs have against cyber attacks is training employees to be hyper-vigilant about commonly faced and newly develop vulnerabilities.
Cyber attackers’ go-to method to bypass businesses’ cybersecurity is usually through phishing scams. Employees should be educated on keeping a lookout for dubious-looking emails that may use misspelled email addresses. Microsoft Office macros hidden as attachments in such emails are re-emerging tools for attackers.
Working on the go is a common practice because of the portability of devices and the availability of free Wi-Fi at public spaces. The problem is that free Wi-Fi usually has security vulnerabilities, making it possible for sensitive data sent via the Wi-Fi to be collected. SMEs should encourage employees to limit the use of these free public Wi-Fi, and if possible to also use Virtual Private Networks (VPNs).
4. Change Is The Only Constant
With an average of 28 new cybersecurity vulnerabilities detected every day, it is critical for SMEs to conduct regular internal security audits. This includes evaluating IT infrastructures and software that can pick up and resolve new attacks continuously.
Safeguards against attacks can be as simple as updating software and making password update a company policy. Although some SMEs may find the downtime associated with updating software unappealing, these software patches address newer security vulnerabilities. Similarly, consistent revisions of passwords minimize the risk of security breaches by discouraging reuse of passwords across employees’ personal and work accounts.
With growing reliance on technology, cybersecurity attacks will be a growing threat. Businesses will need to be more mindful in addressing these threats. Particularly for SMEs that may not invest much in cybersecurity, this threat can become a painful reminder of the risks technological convenience might pose if not well prepared for it.
For more business insights, follow our LinkedIn page here at Canon Singapore.