A false sense of security?

Organisations strive to keep operations moving

To stay afloat small organisations need to keep up with their competitors and roll out new products or services quickly. The use of digital tools is instrumental in making this happen – to enable collaboration, project management and planning and for interacting with customers. To be successful the tools must work properly and be accessible to every employee who needs them. This is why companies strive to maintain the continuity of these crucial business processes. Indeed, when it comes to IT security, one of the main concerns for 40% of businesses is the loss of access to internal and customer-facing services.

Are businesses really prepared for a data breach?

As well as access to services the data that underpins them is an important part of sales and planning, including analytics and customer information. According to the study most companies (94%) store financial reports as well as personal customer data — such as account numbers (80%), and bank card data (78%) – on employee devices, internal servers and in public clouds.

However, this abundance of data also brings increased risk of compromise. Whilst it appears that organisations are prepared for this – 72% of small and medium-sized businesses are confident that they are well or perfectly equipped in terms of data protection – this sense of security seems to be exaggerated. In 2017, 42% of SMBs suffered at least one incident affecting data security, with over a quarter (27%) of companies experiencing between two and five breaches.

In more than 40% of cases it is customers’ personal data stored within the organisation that is affected as a result of these incidents.

“Digital transformation gives small and medium sized companies new opportunities for growth. Collaboration services and other digital applications can have a huge impact upon efficiencies and long-term business success. But to ensure they are not adding a layer of vulnerability and risk into the organisation, it is vital to think about their security and that of the data they hold. As IT infrastructures become more complex, businesses can lose control over their data. To prevent growing organisations from falling victim to accidental breaches or planned attacks, IT security needs to become just as much a key to success as financial, legal and personnel considerations,” says David Emm, principal security researcher at Kaspersky Lab UK.

The following measures will help companies keep data secure and applications available, so employees can focus on their core business operations:

• Make sure someone is responsible for IT infrastructure and data security. This can be an employee from the IT department or an external partner
• With infection by conventional malware (51%) the most frequent IT security incident, reduce the risk of it happening to you by educating employees. Explain that they mustn’t open emails from unknown senders, download programs from unauthorised sources, or use unchecked USB media when working with sensitive data
• The loss of devices or storage media (45%) is the second most common type of incident, so it’s essential to use encryption to ensure critical data is not lost when a device goes missing
• Regularly check and install software updates and patches on all devices
• If employees use cloud-based storage and tools including databases, make sure these services are reliable. It is better to restrict use to just a few authorised providers
• Remember: responsibility for the security of corporate data always rests with the organisation, even if the data is stored in a public cloud or cloud-based application. Providers will ensure the security of the entire cloud environment, but they may not guarantee the safety of your data
• To protect critical data, use solutions specifically developed for SMBs. For example, Kaspersky Endpoint Security for Business integrates data encryption, application control, vulnerability and patch management. Kaspersky Endpoint Security Cloud includes functionality to protect data on devices, even if they are lost or stolen through password protection and anti-theft features that can lock, locate, or wipe content from the device