The world of work has changed more in the last eight months than it did in the previous eight years. When Covid-19 took hold, working from home and teleconferencing quickly became the norm, and although we’re seeing some staff returning to the office, it’s unlikely that on-site head counts will ever match 2019 levels.
The shock of the change has been the greatest for those least able to cope: small businesses, which lack dedicated IT support or a financial buffer to help them weather the storm. It doesn’t look like either of these will improve in the near future, with the UK currently in recession and the IMF predicting a partial and uneven global recovery. As a result, McKinsey is projecting that 80% of SMEs – around the same proportion as reported increasing revenues before the crisis struck – now expect this to have a detrimental impact on their business.
Businesses and business owners have plenty to worry about. Is it really surprising that some have taken their eye off the ball where security is concerned?
Malicious actors have spotted this and know that, with a large proportion of the workforce off-site, small businesses are more vulnerable than ever. The stats make grim reading. Three fifths of all micro- and small enterprises that found themselves subject to cyber-attack went out of business within the next six months as a result.
It’s a growing threat. Since March, the first month during which we saw a significant move towards working at home, Barracuda Research noted a 667% spike in Covid-19-related spear phishing attacks, which rely on workers falling for spoofed messages that usually result in them installing some form of malware. The problem was sufficiently pronounced that the World Health Organisation (WHO), as well as leading the global response to the virus, had to warn that scammers were “sending fraudulent email and WhatsApp messages that attempt to trick you into clicking on malicious links or opening attachments”. Many of these messages purported to come from the WHO itself.
Combating such threats requires a two-pronged approach, pairing staff awareness raising with a hardening of the organisation’s IT real estate. Most responsible businesses will already have deployed antivirus and anti-Trojan tools which, with modern hardware frequently having processor cycles to spare, should be supplemented by AI-based threat detection and mitigation.
This is important, as threats evolve constantly, and those that rely on social engineering, like spear phishing, evolve in response to victim behaviour and the environment in which they’re deployed. Little wonder the UK’s National Cyber Security Centre, part of GCHQ, warns that “continued global susceptibility to phishing will probably make this approach a persistent and attractive technique for cyber criminals. Moreover, if the outbreak intensifies, it is highly likely that the volume of such attacks will rise.”
While training staff not to fall for socially engineered threats, like phishing, is a given, it’s important that firms also make sure their hardware isn’t vulnerable when unattended. It’s easy to become blasé when working from home, where the assumption is that physical threats are less viable. However, in that kind of workspace, where children may be present, an unlocked laptop can be a temptation for those who want to hop online to check their email, chat with friends or look up the answer to an assignment. Tools like Dell Optimizer can help, by automatically locking the computer when it is unattended or when an unknown user is sitting in front of it. It will then be physically impossible to unknowingly introduce threats by clicking dialogs or following links that connect to online threats.
Malicious actors are constantly looking for new entry points and underexploited weaknesses, and are increasingly moving beyond traditional surfaces, like the operating system and applications, to target fundamental components, right down to the BIOS and UEFI.
What this proves is that security should never be an afterthought. Whether IT is managed by a single person, a team or an outsourced department, such roles have become more demanding, with the assets they administer dispersed to users’ homes where they interface with pooled resources across unknown and possibly untrusted connections.
Delivering in the face of such changes is made more difficult when IT support staff find themselves similarly isolated, which is why forums, like Dell Technologies’ Unified Workspace Community – giving IT pros a place to share knowledge, expertise and intelligence on emergent threats – are proving a vital line of support. Such online environments are increasingly important at a time when dispersed team members have lost the ability to bounce ideas off one another and learn from their peers.
The knowledge gleaned from such forums, along with empirical experience, should form the basis of a comprehensive policy for Information Risk Management (IRM). Comprising guidelines for the responsible use of company-owned equipment and networks, application choice and deployment, an IRM framework sets out the parameters within which the small business will use technology and evolve its hardware and software real estate.
IRM must also concern itself with the guardianship of an organisation’s most valuable asset: its data. Replacing customer records, research and financial statements can be time consuming and may be impossible without adequate off-site backups. It can impact a company’s overall value, too. Yahoo was written down to the tune of $350m in 2017 after it suffered two data breaches in the run up to Verizon’s purchase of the internet pioneer. Few small businesses would expect to suffer such a catastrophic write-down, but lost data could leave them vulnerable to prosecution if it meant they were unable to file tax returns, or they were found guilty of not taking adequate care of customer data. The latter can be spread far and wide when dispersed to work-at-home laptops.
Challenges aside, the increase in working from home has had many positives. Freed of the commute, staff arrive at their desks feeling fresher and better motivated, and increased reliance on – and acceptance of – online resources and cloud-based security means both staff and those who support them are taking advantage of a far wider, deeper pool of expertise.
At the same time, having a trusted provider like Dell Technologies onboard, while not abrogating small businesses’ responsibility for their own cyber security, gives them the support they need to face the future with renewed confidence. There’s no denying the next few months will be tough – bumpy, even – but by thinking through their requirements today, and putting appropriate systems in place, they’ll be better equipped to withstand whatever economic, political, and, yes, viral uncertainties lie ahead.
Find out how Dell Technologies advisors can help you weather the storm by contacting your local team at dell.co.uk/advisor or call 0800 085 4878 today.