Paid for by Verizon
Before the Information Age, bigger usually meant better. Bigger factories, workforces and budgets translated into greater innovation, output and efficiency. In the old world, it was hard to compete as a little guy.
The rapid digitization of the last three to four decades changed all that. Thanks to technology, good ideas can scale easier than ever before and now small outfits can upend an industry overnight. As the work-from-home model has become the new normal and will persist for the foreseeable future, one of the keys to that paradigm shift for many small and medium-sized businesses (SMBs) is mobile.
Mobile technology and the information gathered through Internet of Things devices empowers small businesses to innovate and produce at a level on par with bigger players. By being able to connect to key business systems from anywhere, SMB employees are more agile, productive and informed. If SMBs are David and large enterprises are Goliath, mobile technology is the sling.
But mobile isn’t a perfect solution. “Today, one of the greatest areas of vulnerability for SMBs has to do with the mobile devices that their employees use to access company resources such as email and web applications,” said TJ Fox, president of Verizon Business Markets.
Verizon’s recent report, the Mobile Security Index 2020 (MSI), shows that, in reality, many SMBs are playing a high-stakes game of chicken when it comes to mobile security. They’re putting off smart precautions out of fear they’ll lose the very efficiency and productivity they generate with mobility. This creates a high-risk environment where one stray packet of data transmitted across a public network or one careless employee could undo years of hard work.
Fortunately, unobtrusive and straightforward security measures exist — and they don’t have to unravel the productivity gains that are so critical to SMBs.
“Staying out of the headlines as the next victim of a wireless security breach or IoT breach is easier than most people think,” said Bryan Sartin, executive director of Verizon’s Global Security Services. “And you can do it without worrying about complicated solutions and bleeding edge tools.”
The Power of Mobile
While the mobile revolution has benefited everyone, SMBs have adopted mobile technology to an astonishing degree. According to the MSI, 80% of SMBs said that accessing business systems on mobile devices is key to their profitability and productivity, and 76% said that mobile devices are critical to their organization.
“Mobile handsets are becoming just as sophisticated as the traditional laptop and desktop,” said Sartin. “And in some cases, even the servers in the enterprise network.”
The power of, attraction for and need to be mobile is obvious to SMBs. The problem is that too many have become fixated on the pros without considering the risks: For every new connection point, there’s a new point of intrusion that bad actors can exploit.
According to the MSI, 39% of SMBs admitted they sacrificed security to “get the job done” even though 81% said that the risk to their business was moderate to significant.
SMBs are shedding their armor for speed and flexibility. But the arrows are still coming.
In fact, the quantity and damage of those arrows are increasing, says Sartin. “There’s been an increase in the frequency of attacks, coupled with a growing impact magnitude,” he said. “We're striving for flexibility and competitive edges that come from wireless devices, yet we do so knowing that we don't have the security sides of things figured out.”
Sartin says many SMBs are reluctant to adopt stricter security measures because of fears around cost, slower acceptance and usability, and reduced adoption of mobile platforms.
Moreover, the nature of the attacks are evolving, making it increasingly difficult for SMBs to have effective defenses. “The threat landscape continues to evolve rapidly,” said Fox. And one threat in particular has had an outsized impact. “The emergence of ransomware has changed the conversation,” he said. “Ransomware disproportionately affects SMBs because of its ease of deployment.”
But the path to improved mobile security isn’t beset on all sides by the tyranny of increased costs and sacrificed productivity. It’s actually quite simple.
Good security starts with culture, said Fox. “SMB leaders need to create a cyber-aware culture and make it a priority,” he said. By continually reminding staff of important security measures and practices, a security mindset will set in among staff and reinforce itself moving forward.
Tactically speaking, Sartin points out that by observing foundational and basic security measures — things like secure username and password authentication (which can be easily applied and carried out with biometrics or multi-factor authentication), password rotation, encryption, containerization and restricted downloads — businesses can eliminate over 90% of threats.
Fox agrees, calling the failure to observe those basic measures “poor hygiene.” He also emphasizes other security basics that can fall by the wayside, including staying up to date with the latest security patches and segmenting sensitive data from non-sensitive data with appropriate controls for each.
While most security professionals could easily rattle off the importance of such security basics, following through consistently on those practices is quite another thing. It’s not enough to have most workers observing security precautions -- everyone needs to do it.
Sartin likes to recall a specific example of security inconsistency they encountered a few years back: A business rolled out new security measures, but “didn’t want to bother the C-level folks” and so their devices were left vulnerable. Those with the most to lose in terms of information and access were the least protected.
It also extends to the rest of the workforce, where a few bad apples can spoil the whole bunch. Sartin says that, as a general rule, around 12% of employees are likely to click on a spear phishing message. And those same individuals won’t click only once, but three, four, or five times, creating multiple vulnerabilities from just one workstation. It’s important that SMBs identify that 12% through targeted internal phishing tests, otherwise they could undermine the diligence of the other 88%.
“Email phishing is the most likely external attack that bad guys will use to gain access to company data,” Fox said. “Employees need to be aware of this threat.”
Finally, SMBs need to account for security vulnerabilities in their IoT devices. Since those sensors extend beyond traditional IT areas into sectors of the business like manufacturing or transportation, IT professionals don’t always consider the security threats present.
Such attitudes are exactly why IoT devices and C-suite executives are frequently targeted by hackers — they’ve identified prevalent inconsistencies when it comes to security.
The good news is that there are solutions. By following the basics of security consistently and understanding the valuable and vulnerable parts of the business, SMB leaders can continue to enjoy the fruits of mobile power without reservation.
Small and medium-sized businesses do not have to put their organization at risk just to harness the power of mobile. There are basic steps that every business can and should take to prevent cyber attacks and safeguard their internet. The Verizon Mobile Security Index 2020 — mobile security insights powered by more than 800 respondents and 11 industry and law enforcement contributors — helps businesses understand mobile risks, assess current practices and strengthen security policies. Are you prepared?