I worked in IT for ten years in small- and mid-market enterprises (SMEs). These organisations had the same needs as larger enterprises, but I didn't have the time, budget or expertise to implement enterprise technology. 

SMEs today have the same resource constraints as back then, but the security threats are even more complex, and the use of mobile devices has exploded.

Unfortunately, this often leaves IT professionals unclear on what they need to do to protect their businesses from today's threats.

Four misconceptions about security - and how to get it right

1. We have antivirus; that should be enough.

It's true that you need antivirus on your desktops and laptops, but it's no longer enough. Consumer-grade or free versions of antivirus software don't have the capabilities that businesses need to stay protected from threats, which emerge at a far faster pace than signature-based AV can be updated.

You need comprehensive endpoint security that protects against the vectors of infection - like web exploits and USB drives - and stops threats with multiple layers of defence. Look for features like host-based intrusion prevention system (HIPS), web content filtering and device control.

2. Our data is stored safely.

Even if you don't think your data is valuable to an attacker, its protection is critical to you and your customers. If sophisticated ransomware can get past your defences and onto your computer, it can encrypt all your files with a private key, making them inaccessible to you unless you pay the ransom.

Unless you use automated backups, there are just too many ways to lose your important files. It's not only a lost laptop, a corrupted disk, or a spilled cup of coffee that spell doom for your files. Malware can destroy your data just as fast. Even if you have backups, test them periodically. Many organisations have been confident in their backups until they needed them, only to find they were unable to restore the data they needed after an incident.
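A restore drill of the kind this paragraph calls for, as an added example (not code from the original post): it backs up constructed sample files, restores them into a scratch directory, and checks every file against a SHA-256 manifest recorded at backup time, so a backup whose contents have silently drifted is caught before it is needed.

```python
import hashlib
import tarfile
import tempfile
from pathlib import Path

def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def make_manifest(root: Path) -> dict:
    # Relative path -> SHA-256 for every regular file under root.
    return {str(p.relative_to(root)): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def backup(src: Path, archive: Path) -> dict:
    # Write a tar.gz of src and record what it should contain at backup time.
    with tarfile.open(archive, "w:gz") as tar:
        tar.add(src, arcname=".")
    return make_manifest(src)

def restore_and_verify(archive: Path, manifest: dict) -> list:
    # Restore into a scratch directory, then compare against the manifest.
    safe = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
    with tempfile.TemporaryDirectory() as tmp:
        dest = Path(tmp)
        with tarfile.open(archive, "r:gz") as tar:
            tar.extractall(dest, **safe)
        restored = make_manifest(dest)
    problems = [f"missing: {n}" for n in manifest if n not in restored]
    problems += [f"modified: {n}" for n in manifest
                 if n in restored and restored[n] != manifest[n]]
    return problems

def drill(corrupt: bool = False) -> list:
    # Whole drill on constructed sample files; corrupt=True simulates an
    # archive whose contents drifted from what was recorded at backup time.
    with tempfile.TemporaryDirectory() as tmp:
        src = Path(tmp, "data")
        src.mkdir()
        (src / "invoices.csv").write_text("id,amount\n1,100\n")  # constructed
        (src / "notes.txt").write_text("quarterly review\n")     # constructed
        archive = Path(tmp, "backup.tar.gz")
        manifest = backup(src, archive)
        if corrupt:
            (src / "notes.txt").write_text("tampered\n")
            with tarfile.open(archive, "w:gz") as tar:
                tar.add(src, arcname=".")
        return restore_and_verify(archive, manifest)
```

`drill()` returns an empty list when every file restores intact; `drill(corrupt=True)` returns the list of files that would not have come back as expected.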

3. Our passwords are strong enough.

Even a good password can be cracked. Or your users could be duped into giving away their passwords by social engineering tricks and phishing websites.

To prevent unauthorised logins, you should implement two-factor authentication (2FA) wherever possible. For example, if you're using webmail services like Gmail, or use social media like Facebook for your business, those services offer 2FA. Use them.

4. Users access email securely from their mobile devices.

While the connection between a mobile phone or tablet and your email server may be secure, that's no guarantee that the data is safe once it reaches the device. A lost or stolen phone or a malicious app can lead to critical data ending up in the wrong hands.

Whether you supply smartphones and tablets for your users or let them bring their own, be sure to use mobile device management software to enforce policies like automatic screen locking, strong password requirements, and mandatory encryption.

Getting security right

Fortunately, there are security solutions today that can help small businesses manage these challenges with enterprise-class technology that is both affordable and easy to use.

SMEs and IT managers have a simple choice - Sophos Cloud. There's no server to install and you can manage all your PCs, Macs, mobile devices and policies from a single, intuitive interface, hosted for you in the cloud. And with user-based licensing, you can expand your protection as your business grows.

That's the kind of security I wish I had back in my IT days. It wasn't possible then - but it's possible now.

For more information visit Sophos