With businesses now returning to office-based working, Travelers Europe’s head of cyber Davis Kessler suggests how small businesses should protect themselves from increased cyber risks.
If your office is reopening to employees right now or adopting a hybrid work model, it may also be inadvertently exposing itself to new cyber threats.
In recent months, spikes in ransomware attacks have correlated with the lifting of lockdown restrictions. During the second quarter of 2020, for example, Symantec blocked over 60 million infection attempts – a 74.6% increase over the previous quarter.
This trend has continued this year, with 151% more ransomware attacks recorded globally. Europe, in particular, has seen a growing number of increasingly sophisticated threats.
The risk of ransomware attacks has been higher for small to medium-sized enterprises (SMEs). When the Covid-19 pandemic began, many organisations made a quick pivot to remote working, causing smaller businesses to adopt tools and processes without comprehensive security checks.
Out of necessity, employees may have used personal devices for work, company devices for personal reasons and collaborative tools without proper safeguards – and all from a home environment that may have lulled them into taking a more relaxed approach with company tools and information.
This blurring of lines between home and work has created opportunities for cyber criminals to exploit.
Step up the safety
How can organisations become a less appealing target for cyber criminals? There are several easy steps an SME can take to protect itself.
- Document your security policy and training to clarify what staff can and cannot do with company devices.
- Use strong passwords. Do not store them with laptops.
- Enable multifactor authentication (MFA) for remote access to the network and for employee access to any web-based email, such as Microsoft Office 365. This is perhaps the most critical control you can use to protect your organisation’s network.
- Complete full scans of any devices and ensure firewalls, intrusion prevention systems and antivirus protections are switched on, configured correctly and kept up to date.
- Enable full-disk encryption, remote locking and wiping of mobile devices.
- Patch, patch, patch. New vulnerabilities are the most common way criminals infiltrate networks and devices.
- Block USB ports so data cannot be copied via them.
- Educate employees to never leave a device unattended and unlocked, even at the office. If using a device outside of the office, ensure it’s out of sight and locked when left.
- Eliminate, or reduce, local admin access on laptops and other networked devices.
- Work towards a ‘zero-trust’ approach. Zero-Trust Network Access (ZTNA) is a service that restricts access and conducts checks on a company’s behalf. Such protection will likely become a global industry standard for businesses.
When SMEs fail to take necessary precautions, they remain easy targets for cyber crime. Making a business more difficult to attack drives criminals to move on to a less prepared organisation.
For the foreseeable future, there will be enough low-hanging fruit: if criminals are discouraged from breaching business A, they will move on to business B. The important thing is to be business A.