Security threats and cyber-attacks are becoming more sophisticated and complex every day. That’s right, every day. The times when we could rely on “weekly updates” to protect our devices are long gone. Today, attacks are occurring at an alarming rate with new malware variants and advanced threats emerging daily.
Multiple research studies confirm that businesses, especially small to medium businesses, are nowhere near ready to meet these new challenges.
Here are the top 8 threats that businesses face right now:
- Web application attacks
- Cyber espionage
- Point-of-sale (POS) hacks
- Payment card skimmers
- Insider misuse
- Miscellaneous errors
- Distributed denial-of-service attacks
A 2013 PWC study asked corporate CIOs and CTOs about cyber security within their own businesses. Many topics were covered, including:
- Knowledge of financial loss due to cybercrime.
- The greatest cyber security threats to their business.
- Preventive measures they had implemented.
- The causes of cyber threats and crimes.
More than 20% of CIOs and CTOs answered, “I don’t know.”
The PWC study concluded that “organizational leaders do not know or appreciate what they are up against, and they lack a clear understanding of the nature of today’s cyber threats, and those who pose risks.” [From the 2013 US State of Cybercrime Survey]
Fortunately, attitudes towards security threats are changing – slowly. CompTIA reports that 37 percent of firms expect security to be a significantly higher priority two years from now. [Information Security Trends, CompTIA, November 2013]
The BYOD (Bring Your Own Device) phenomenon is sweeping across the business world. It has the twin advantages of convenience and fast response, yes, but can you afford to ignore the security aspect of BYOD?
There are now a raft of important considerations and questions to ask, including BYOD, when defining computer usage at work. Here are the top 8:
- Are employees allowed to bring their own device to work?
- If so, are you concerned about securing access to your network from personal devices?
- Do you currently have a corporate BYOD/computer usage policy?
- Which applications do your employees use to access corporate data, and how are you securing that access?
- Are you isolating/containerising applications that access your network?
- How are you minimising corporate liability associated with personal devices in the workplace?
- Are the websites that employees visit visible to you, and do you have a web filtering program?
- How do you ensure that your BYOD/computer usage policy and employees’ rights are both protected?
A good BYOD/computer usage policy should outline the business’ responsibility and the employee’s responsibility. For instance, you should define the types and brands of devices that are supported, and what is expected of employees when they use their personal devices at work. This will go a long way in ensuring that your business is covered if an employee uses a device on your network that is not supported by your managed IT service provider.
But what security measures should you and your managed IT provider implement? Here’s a short list:
- 24×7 active network monitoring to ensure that only authorised devices and authorised software are accessing and running on your network.
- Automated patch management for operating systems.
- Automated patch management for applications.
- Web monitoring and filtering.
- Email filtering.
- Backup and disaster recovery.
- Security event log monitoring.
Security threats are advanced, intelligent and sophisticated, so it’s critical to implement the right IT security strategy. Implementing comprehensive computer usage policies, educating your employees about the very real risks in the current threat environment, and deploying a holistic security solution will stave off 95% of cyber threats. Having a good backup and disaster recovery system in place offers that additional layer of insurance for your critical business data.
Radius Networks offers managed security solutions that include monitored protection from spyware, malware, web-based threats, email threats, hackers and viruses. The possibility of a security breach is reduced to an absolute minimum, avoiding data loss and mitigating the risk, embarrassment, loss of credibility and loss of revenue that a security breach can cost your business.