Digital transformation is touching every sector, industry and organisational size, with SMEs being empowered by digital technologies such as hyperscale cloud computing to gain enterprise-grade services and compete for the same customers as big corporations.
While the digital era presents many opportunities for companies, it is also producing numerous challenges, including security threats that can be devastating to a company’s reputation and bottom line.
Previously, a business could only enable corporate-issued devices on its networks and protect its infrastructure behind a firewall. In the digital era, trends such as bring your own device and mobility have, along with the need to co-create value and collaborate with partners, made isolationism impossible.
In fact, employees are spending a lot (up to 50%) more time in collaborative activities, while research company Strategy Analytics forecasts that the global mobile workforce will encompass around 1.75 billion in 2020 or approximately 42% of the global workforce. Last year, a whopping 43% of all cyber-attacks were targeted at SMEs according to security software company Symantec.
All of this means that companies need to rethink their approach to security, thanks to this myriad of web-connected devices making their way through their offices, with these acting like gateways via which attackers can gain access to the business’s network and digital resources.
Using the cloud to be productive anywhere, anytime, on any device, securely
Every quarter, Microsoft provides companies with the latest trends data on industry vulnerabilities, exploits, malware, web-based attacks, along with measures to combat these and for remediation within its Security Intelligence Report (SIR).
The latest (Q1 2017, January to March) SIR shows that the cloud is fast becoming the central data hub for companies, which in turn is also making it a prime target for cyber criminals. Consequently, cloud-based cyber-attacks have increased a massive 300% year-on-year.
When you move your organisation to a cloud service, you must be able to trust your service provider with your most important, sensitive, and confidential data or choose to move only your least sensitive data to the cloud. Because security is paramount for business success, solutions have to offer robust policies, controls, and systems to help keep your information safe.
Companies should take note that as the cyber-attackers are successful with their breach attempt, the attackers attempt to reuse the stolen credentials on multiple services. Therefore, one of the most critical things a user can do to protect themselves is to use a unique password for every site and online service they use.
In addition, businesses should train staff to avoid the use of simple passwords (easy to guess or crack), using alternative authentication methods or multi-factor authentication, as well as to implement solutions for credential protection and risk-based conditional access.
Endpoint threat intelligence
An endpoint is any device that is remotely connected to a network, which is able to provide an entry point for cyber-attackers and includes notebook PCs, smartphones, and tablets amongst others and because users interact with an endpoint, it remains a key opportunity for attackers and a security priority for businesses.
Ransomware attacks have been on the rise, disrupting major organisations and grabbing global headlines. Attacks like WannaCry and Petya disabled thousands of machines worldwide in the first half of 2017.
There needs to thorough mitigations in place that prevent common exploitation techniques by these and other ransomware threats, and tools that help to protect business data on mobile devices, by doing this ensuring that all business data is encrypted and accessible only by authorised users. Furthermore, SMEs can perform a remote selective wipe of company data easily on lost or stolen devices and centralise control of company data on personal devices.
Managers can also help prevent accidental data leaks by securely separating business information from personal information. They can ensure that employees always have access to files while confining company information to Office apps.
Ultimately, businesses need a new, integrated approach to security in the digital era, which will not impede their productivity. It is essential that solutions are integrated and bring together productivity tools that staff will already be familiar with, along with the security and device management capabilities that small to medium-sized businesses need to protect its data.
By Lionel Moyal, Office Business Group Lead at Microsoft South Africa