Small businesses are not immune from the threat of cyberattack. In fact, according to a recent mobile security study from Verizon, they may face greater risk than larger organizations. That’s partly because small businesses rarely have the policies, processes or staff to keep up with changing security threats. As a result, they are the most likely to have blind spots that leave them susceptible to a security breach that could threaten the financial sustainability of the business.
Circumstances are stacked against small business leaders, but many are already aware of this. Business owners are starting to embrace a motto of “simple and effective” to take advantage of mobility, and execute a digital transformation while also enhancing security.
Hidden threats and disastrous outcomes
While big breaches at large businesses dominate the headlines, small businesses have faced a steady stream of hacks, attacks and ransoms. The Verizon Mobile Security Index 2019 provides an SMB snapshot that shows that 29 percent of small businesses — almost a third — experienced at least one mobile security breach in 2018, nearly double the 15 percent from the year before.
As mobile devices become an increasingly key part of business processes, smartphones and tablets have become richer targets for exploitation, especially since we carry them into places where they can be lost, stolen or breached through rogue Wi-Fi.
Unfortunately, the media focus on large breaches has left small businesses with blind spots around their risks. Verizon reports that 85 percent of small businesses claim they have taken sufficient mobile security measures, yet when asked about the minimum steps that might keep a breach from occurring, less than half have even one of those measures in place. This misplaced confidence can have devastating outcomes for businesses without the dedicated staff or expertise to cope with a security event.
Unlike large enterprises that have teams ready to solve these problems, small business are most likely to hear about a breach from their customers, trading partners or law enforcement (58 percent) rather than their own staff. To make matters worse, 66 percent experienced downtime, including full work stoppage, as a result.
While these statistics are alarming, small business owners also have the advantage of being able to implement simple, effective measures to mitigate these risks and make their organizations tougher, if not impenetrable, targets. A minimal investment of time, focus and resources will go a long way to reducing the known threats that present themselves with frightening regularity.
Five steps towards mobile security for small businesses
1. Create a clear mobile policy
Small businesses rely on their employees to make good choices more than large organizations. Begin by being crystal clear about your expectations for how mobile technology should and shouldn’t be used in your business, as well as what to report and what to do when a breach does occur. Whether you rely on employees to bring their own devices (BYOD) to work or you provide devices to them, an Acceptable Use Policy (AUP) that outlines these rules is essential. Samsung has published a detailed guide to writing a BYOD policy and provides a downloadable template to help you get started.
2. Regularly educate your employees
Give your employees a quick rundown of your newly implemented security policies and the key processes that they must follow to keep the company secure. At the same time, remember that employee education isn’t a one-time project — it’s a discipline. You will need to support your employees making good technology decisions by making it an ongoing conversation beyond your initial announcement. Many businesses have begun utilizing the media coverage of breaches to demonstrate the importance of their internal policies and technologies, and to show how individual actions can create unintended exposures.
3. Secure the hardware
Over the past decade, the core device-level security on smartphones and tablets has improved significantly, but not all devices are created equal. Samsung’s Knox platform, for example, integrates a Hardware Root of Trust that verifies the integrity of the device each time it boots, and its smartphones have been certified by the U.S. Defense Information Systems Agency, among other federal bodies.
The simplest, most effective approach is to standardize on mobile devices that you can manage and put your trust in, and provide employees these devices for work. Even if they have a perfectly good device for personal use, that personal use is one of your biggest concerns. The apps they choose, the sites they visit and the links they follow all pose significant risks and account for a large portion of the reported incidents of cybercrime.
4. Invest in mobile device management (MDM)
Like the lock on your front door and the fire alarm in your building, an MDM solution is a minimal investment compared to the risk it helps mitigate. For a few dollars a month per user, an MDM can give you the ability to lock the front door of your devices and control what is needed to unlock them, as well as respond when the device is being misused or there is an attempt to bypass security. Cloud-based MDM tools are available for a small monthly fee.
They’re simple to implement and give you the type of visibility and control you need to understand and address security threats. They can also help make the mobile environment more effective by automatically deploying the apps and content you want your workers to have.
5. Make cybersecurity an ongoing priority
Cybersecurity threats evolve far too rapidly for most small business leaders to keep up. But you can make a few proactive changes and a small investment up front to minimize some of the key risks.
Samsung offers the mobile device hardware and management tools that, taken together, provide a simple and effective cybersecurity solution for small businesses. Its smartphones and tablets come with Samsung Knox built in, integrated right down to the chip. Samsung also offers a suite of device management and security tools to keep your data safe from even the most persistent attackers. Knox Manage, for instance, is an MDM that can help you manage Samsung and other Android devices, as well as iOS, Windows 10 and Tizen.
It is critically important that all businesses realize they are potential targets for malicious acts. Mobility and the internet have brought us all closer together — which unfortunately means you are also closer than you think to hackers from all over the world too.