Too Small to Hack? Why Device Management Matters for Small & Medium Businesses
No doubt, the biggest advantage of using a device management system is device security. Tracking the endpoints in your network, keeping their software up to date, and receiving notifications about device status are key in the fight for cybersecurity.
For small and medium businesses, however, it’s tempting to think cybersecurity isn’t a major issue. Often, we’ll hear executive stakeholders say they think the risk of a cyberattack targeting their business is low. Unfortunately, that’s far from the truth.
Attackers have automated much of the process of discovering and infecting machines with malware. A scripted cyberattack can target thousands of machines at once without any further work from the attacker.
Over the past 12 months, two-thirds of small businesses have experienced a cyberattack. The average cost of recovery from such an attack is $3 million! Small businesses can be, and are being, attacked.
While we believe device management software (like Level) is an important part of the solution, we want you to have the facts and details about small business cybersecurity, so you can draw your own conclusions and make your own decisions.
How to Secure Your Small Business
Cybersecurity is all about preparation. The times when things are going well are the times to think about security. In the middle of an attack, trying to implement cybersecurity best practices will be too little, too late.
As such, executives should understand that cybersecurity preparation and risk reduction need to be a high priority for the organization. Time and money spent on cybersecurity now will be far cheaper than the cost of recovering from a cyberattack later.
Luckily, the basics of cybersecurity are well established and straightforward to implement for most companies.
1. Training & education for employees
The foundation of cybersecurity is employee training. Even the best defenses can be overridden unwittingly by untrained employees.
For example, Verizon found that 92.4% of malware is delivered via email. An attacker, posing as someone else, sends links or attachments with malicious content. These types of phishing attacks take advantage of users who don’t know what red flags to look for, but a little training can go a long way. Employees should be trained on common types of email attacks and also what a legitimate support request will look like.
Similar training on how your company’s security policies work and why they’re in place is essential to getting everyone on the same page.
2. Active scanning & intrusion detection
Your network is only as strong as the weakest connected device. If a device in your network is compromised, you want to know about it early and loudly so you can take decisive action as quickly as possible to contain the attack.
Security best practice is to actively scan all your endpoints for malware on a regular cadence and after every update or installation. Similarly, there is software that can detect irregular patterns in access logs and test various ports in your network to ensure access is confined to those you’re expecting.
3. Automatic updates & patches on all devices
Regularly updating to the latest security software, web browser, and operating system is the best defense against online threats. These updates and patches arrive frequently, and staying up to date can be a challenge.
In 2019, there were 12,174 Common Vulnerabilities and Exposures (CVEs) issued. While many of those won’t apply directly to your organization, staying up to date on the ones that do apply requires constant vigilance. Additionally, when a security update is available, all devices in your company should upgrade in a timely manner.
4. Protect mobile devices
Often overlooked, mobile devices present their own security challenges, especially if they have access to the company’s network or confidential data. At a baseline, all employees should have a password on their phones and tablets, and their hard drives should be encrypted.
When the mobile device is on a public network, it becomes even more vulnerable to sniffing and unwanted access. There are security apps that can help with these challenges. Additionally, when a phone is lost or stolen, your company needs a procedure in place for deprovisioning access from that device.
5. Restrict use of known attack vectors
There are common attack vectors that are well-known among the cybersecurity community. Your company should be restricting or blocking the use of these technologies.
For example, 84.5% of Q4 2018 ransomware infections were initiated via Remote Desktop Protocol (RDP). While RDP has been useful for legitimate IT support of Windows devices, it has also been weaponized (along with phishing and other scams) to grant access to attackers. RDP is the preferred delivery method for some of the worst ransomware, including Dharma/CrySiS, Ryuk, and SamSam.
If you can restrict or eliminate the use of RDP and other known attack vectors, then you’ll greatly reduce your risk profile.
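An added example (not Level's code and not part of the original article) for the port-testing advice in step 2 and the RDP restriction in step 5: it probes a fixed port list on hosts you administer and reports anything reachable that is not on your expected list. The inventory, the port list, and the function names are assumptions made for illustration.

```python
import socket

RDP_PORT = 3389  # default Remote Desktop Protocol port

# Constructed inventory (assumption): host -> ports you expect to be reachable.
EXPECTED = {
    "127.0.0.1": {443},
}

# Ports checked on every host (assumption; extend to match your own policy).
PROBE_PORTS = [22, 80, 443, 445, RDP_PORT]


def is_open(host, port, timeout=0.5):
    """Return True if a TCP connection to host:port succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out, unreachable
        return False


def audit_host(host, expected, probe_ports=PROBE_PORTS, timeout=0.5):
    """Compare the ports that answer on one host with its expected set."""
    expected = set(expected)
    open_ports = {p for p in probe_ports if is_open(host, p, timeout)}
    return {
        "host": host,
        # Reachable but not on the allowlist: investigate or close.
        "unexpected": sorted(open_ports - expected),
        # Expected and probed, but not answering: service down or blocked.
        "missing": sorted((expected & set(probe_ports)) - open_ports),
        # RDP answering at all is worth a line of its own in the report.
        "rdp_reachable": RDP_PORT in open_ports,
    }


if __name__ == "__main__":
    for host, expected in EXPECTED.items():
        report = audit_host(host, expected)
        print(report)
```

Run it from the network segment whose view you care about: a port that is closed from the office LAN may still answer from the internet side of the firewall.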
Cybersecurity for Small Businesses: Preparation Pays Off
Cybersecurity threats against small businesses are real and numerous. However, training, policies, and good management can mitigate most risks.
We believe that device management software is an important cybersecurity investment for teams with more than a handful of devices. Regular malware scanning, automatic updates, and real-time status reports automate device management tasks or lighten the load on IT teams.
Whether you choose device management software or not, cybersecurity should be a top priority for your business, no matter the size. The preventive measures you take today will cost less time and money than recovering from a cyberattack. Cybersecurity is one area where preparation pays big dividends.