Computer security in SMBs: an often neglected daily challenge

Posted by Benoit Mercier on Nov 3, 2016 12:00:00 PM

We often associate a computer security breach with the theft or loss of information resulting from an intrusion by hackers. Indeed, these much-talked-about hackers are often a company's main worry. Is this fear justified? How do we prevent data theft or leakage?

 

Some famous cases

One need only think of the hacking that took place at Ashley Madison last year. Information on members was collected, then disseminated. We learned this year that some 500 million Yahoo! members had the same thing happen to them, not to mention the massive hacking at Sony in 2014. At the time, a hacker group had threatened the American company: if it did not meet their demands, a lot of secret information and movies would be made public before their release date.

Even more recently, a couple of weeks ago, a major DDoS attack prevented access to important websites such as PayPal, Twitter, Spotify, and even CBC.

 

What if the risk came from the inside?

However, for SMBs in particular, the main risk does not come from the outside, but from the inside! Competitors are not always those who should be feared the most; in many cases, employees are the ones who cause security violations, whether intentionally or not.

For example, an employee loses a smartphone without password protection. What if someone leaves the company and his access to the server is not removed? Access to accounts payable not only allows the disclosure of confidential information; it can also be used to place orders, and the ex-employee could have his goods shipped elsewhere.

Naturally, some offenses are more serious than others, depending on the type of company. The idea is simply to pay attention to what is being done inside the company in terms of data protection since employees are responsible for 85% of corporate espionage[1].

 

The complexity of computer security today 

In the beginning, the Internet was used to access online information and not for telecommuting using virtual private networks (VPN), as is the case today. There were websites but no applications intended for employees or customers, and there were no mobile devices to secure.

Today, with more and more SaaS offerings, such as Evernote, Dropbox, and other online storage platforms, security has become a vital issue. Big companies are generally more aware of this type of risk, as opposed to SMBs, which don't always think about it.

If an employee uses software or an online data storage service through his personal account and then leaves the company, who owns the corporate information that has accumulated in it for years? And if he copies the information using an online storage service, what prevents him from reusing it after his dismissal?

We therefore suggest you offer an internal service that will prevent data leakage related to the use of tools like Dropbox. If needed, you can also block access to other services.

 

Ways to reinforce computer security within SMBs 

 Here are some strategies to prevent the risk of hacking and data leakage within your business. Of course, this is not a comprehensive list, but it may help you cover the main points.

 

  •  Essentially, the network perimeter needs to be secure. This means using a new-generation firewall and having a process in place for continual access review.
  •  Keep an eye on your network. Whether you are dealing with intrusions or illicit internal behavior, make sure you understand what is happening.
  •  Grant only the access that is necessary.
  •  Change your access codes regularly and use a corporate password manager.
  •  Protect your data by installing anti-virus software on each computer, and make sure Microsoft security patches are applied everywhere.
  •  Set up corporate cloud services to prevent the creation of multiple personal cloud services.
  •  Put in place an end-of-employment procedure clearly stating that all ex-employee accesses will be blocked.


 

Image credit : © EvgeniiAnd - Fotolia.com

            

[1] 2014: A Year of Mega Breaches, a Ponemon Institute survey of 735 IT and IT security practitioners in the US.
