Security providers need to address local threats, not just global threats
Go back five years or so to when cyber attacks were only carried out on those with valuable information – it was just too expensive, complex and time-consuming to attack smaller businesses.
Fast forward to now and the landscape has changed. Today, small businesses can store just as much information as global enterprises by using cloud-based platforms – and anyone with an internet connection (and a little know-how) can carry out a cyber attack.
For cyber criminals, it’s a period of opportunity. Global enterprises are all too familiar with cyber threats but for small businesses, it’s uncharted territory. They’ve never experienced anything like this before.
As a result, whether it’s an established group of hackers or a criminal sitting on an unsecure network an employee is connected to, most small and medium-sized businesses have no idea how to protect themselves.
So how can you, as a cyber security provider, protect your SMB clients from these new local threats?
The changing threat landscape
Despite one in five small firms experiencing a cyber attack between 2017 and 2019, little has been done to support them. According to a report by the Federation of Small Businesses, small businesses are the subject of repeated cyber attacks, with almost 10,000 attacks happening every day.
Most global companies will understand the threat of cyber attack and have resources to minimise them – but that’s not the case for SMBs and, particularly at the local level, there are points of exposure that they are unfamiliar with.
For example, if employees work remotely and use unsecured WiFi networks (public or otherwise) anything they do on their mobile, laptop or desktop PC can be viewed by anyone else on that network. Given that WiFi networks are so prevalent in the UK, it would not be difficult for a cyber criminal to siphon business-critical data. These local attacks on employee devices can potentially spearhead more comprehensive assaults.
Similarly, if an employee connects to an unsecured WiFi network whilst working remotely and logs into the business’ secure intranet or cloud-based infrastructure, the cyber criminal can easily steal those log-in details. Then, unbeknownst to that employee, the cyber criminal could log in and masquerade as that employee, getting information from the business’ network and potentially gaining access to other services and company accounts (as employees often use the same passwords).
An ounce of protection is worth a pound of cure
Stopping these kinds of attacks before they become a problem is essential – but when they originate from inside a business’ network, what can be done?
It’s in instances like these that the potency of local cyber attacks become apparent. If a cyber criminal can access employee devices – without raising suspicion – it then becomes a case of damage mitigation, rather than prevention.
So, you need to be thinking about business virtual private networks (VPNs) to enable your clients’ employees that work remotely to secure the networks they connect to. A VPN will create a secure connection to another network over the internet, shielding activity from prying eyes (cyber criminals) on public WiFi networks.
As well as acquiring a VPN and deploying it onto every employee device, cyber security providers need to do more to educate their clients’ employees on cyber security.
Cyber security awareness and employee error
Our market research report found that of the 500 senior IT decision-makers we interviewed, more than half (54%) stated that their employees have very basic knowledge of cyber security.
So, even more so than the solutions themselves, cyber security awareness needs to be the main point of order. It’s pointless implementing software if employees don’t understand its use or understand the importance of protecting business information. This, coupled with human error, could prove disastrous for any SMB.
Investing more time into the training and education of employees in regards to cyber security is, therefore, key.
As a cyber security provider, it’s only natural that you offer your expertise to your clients – but you should go a step further. Set up regular training and review sessions, offer on-site support and help your clients’ employees to see the value of what you’re doing. Make it simple and easy to follow. Then, and only then, will they be more invested in cyber security.
How can we help?
We provide the only business VPN solution designed to meet the practical needs of SMBs. Unlike consumer-based VPNs that are difficult to scale and enterprise-grade VPNs that are hard to configure, the Privatise Business VPN is scalable, easy-to-use and rapidly deployable. It can support any number of devices, requires no log-in details and is always on. Devices can be managed from a central portal and all privacy settings can be configured.
Privatise removes the complexity of configuring online security and provides SMBs with a solution that will truly keep employees protected, wherever, whenever.
If you want to find out more about Privatise and how it can protect your clients, click here.
Appstractor Corporation is home to the next generation of simple, innovative technology securing online privacy for your employees & your automated data intelligence