In a roundup of opinions about what the most pressing security concerns will be for small businesses in 2013, two common and related themes emerge: cloud and mobile.
Not only is mobile quickly overtaking fixed computing as the most preferred way to access business data and networks, the bring-your-own-device (BYOD) trend is re-fueling a new round of concerns related to that data and where it is located. And as the app-version of business tools work their way past the firewall, securing these solutions also becomes a priority.
Mobile Security: Limiting BYOD in 2013
“The information security threat is becoming more important and complex as adoption of mobile devices and mobile applications increases rapidly,” says Sanjeev Aggarwal, co-founder and partner in the small business research house the SMB Group. “New types of security solutions are needed for mobile devices.”
This will lead to more restrictive BYOD policies that limit the types of devices allowed to access the network, predicts Rebecca Wettemann, vice president at Nucleus Research.
BYOD use will also decline as support costs, compliance risks, and usage reimbursement drawbacks become more evident. This is because the more devices a company supports and secures, the more expensive it is. The likelihood of a security breach caused by employees accessing or storing sensitive data on unsecure devices also goes up.
Wettemann suggests selecting just one or two approved devices. This will make security tracking and device-and-data recovery more manageable.
Securing Mobile Apps
This mobile infiltration goes beyond devices; it also includes mobile apps, says Gytis Barzdukas, senior director of product management for online backup provider Mozy. As app usage proliferates, companies will have to crack down so they don’t open themselves up to problems with governance, risk and compliance (GRC); particularly if they do business in highly regulated industries such as healthcare or financial services.
Relief may come from the app makers themselves, however, as they realize their products will not be tolerated in risk-adverse business environments. But Barzdukas suggests employing two-factor authentication schemas either way. Companies with IT shops will probably see calls for increased access-control based on corporate directories, as well as content control so that data can be remotely wiped or consumed in a read-only manner.
More Small Businesses Move to the Cloud
Cloud is also an option that many SMBs will choose in 2013, says Wettemann. Not only can it be more cost effective than managing your own software servers, cloud vendors have little choice but to invest in strong security.
“Take advantage of the security investments made by cloud vendors for applications such as CRM, content management, accounting, ecommerce, and messaging and collaboration,” says Wettemann. “Providing employees with a secure set of cloud accessible applications — where the vendor can provide security and access controls — will also give you a clear audit trail, and you can spend less time worrying about SLAs and security and spend more time on strategic differentiators.”
This trend will also be fueled by the more targeted attacks that cyber-crooks employ these days, says Brian Burch, Symantec vice-president of Americas marketing for small business.
Security threats to small businesses will be more targeted in 2013, says Burch. It used to be that malware was designed to spread as fast as possible and affect as many people as possible, but now malware is becoming purpose-built and deliberate.
Today’s cybercriminals want to get their malware injected into your network and have it remain hidden for as long as possible without being detected. That lets them steal financial information or use your servers as a steppingstone into your partners’ and customers’ networks.
Burch also sees ransomware starting to affect small businesses. Cyber attacks have evolved from website graffiti and destruction to outright extortion. Ransomware disables the functionality of a computer or server often by encrypting the files on it and locking out the user. The ransomware program displays a message that demands payment to restore functionality. About three percent of compromised users pay the ransom.
Small businesses are vulnerable because they often lack security software, or it’s not up-to-date, and they don’t have another copy of their data because they are not regularly backing up their data. Outside of paying the ransom, they don’t have a way to recover the data. This is where moving to a cloud based solution would help.
A lot of small businesses also rely on the cloud for infrastructure — the infrastructure as a service trend (IaaS). This positive trend lets small businesses get up and running quickly and easily for things like email, storage and file sharing. But attackers will go where users go, so it shouldn’t be a surprise that mobile platforms and cloud services will be high-risk targets in 2013.
“Small businesses need to apply the same level of security to data sitting outside the firewall in clouds and accessed on mobile devices,” cautions Burch. “They need to carefully evaluate cloud providers and understand how their data will be secured in the cloud environment.”
Allen Bernard has written and edited numerous articles that focus on IT management and its relationship with business. You can reach him at abernie182 @ gmail.com and follow him on Twitter at @allen_bernard1, on Google+ or on LinkedIn.
| Do you have a comment or question about this article or other small business topics in general? Speak out in the SmallBusinessComputing.com Forums. Join the discussion today! |
