This post is part of our cyberSAFE series focusing on SMB financial and reputational risks. You can learn more about the financial and reputational risks SMBs face during every phase of business growth by registering for our upcoming webinar on June 10th at 12 PM CT.
This cyberSAFE guest blog post comes to you from Kent Lawson, founder and CEO of Private Communications Corporation and creator of its flagship software PRIVATE WiFi. In 2010, after 12 years of retirement, Kent became interested in Internet privacy and security issues and the vulnerability of wireless communications in WiFi hotspots. He created Private Communications Corporation to protect consumers and corporations from privacy and security breaches on the Internet. PRIVATE WiFi, the company’s first product, protects individuals and business people while using laptops and other mobile devices at public WiFi hotspots.
Do you think your business is too small to have data that’s valuable to hackers? If that’s the case, you may be unknowingly exposing it to cyber threats that could spell disaster for your business. A whopping 42 percent of SMBs said they experienced a cyber attack within the past year, according to the 2013 Risk of an Uncertain Security Strategy study by the Ponemon Institute. Yet, despite that hair-raising statistic, 58 percent of the SMBs surveyed said senior management doesn’t consider cyber attacks a significant risk to their organizations. How’s that for denial?
It’s not surprising that cyber security complacency continues to make SMBs prime targets for cybercrime. Small and midsize businesses are lagging behind in their cyber security efforts, according to Symantec’s Internet Security Threat Report 2014. As a result, SMBs experienced the highest number of targeted attacks overall last year, nearly double the number from 2012. Even worse, those attacks lasted longer than ever.
Granted, it’s hardly a level playing field when it comes to SMBs and cyber security. Smaller businesses may not have a full-time IT staff like larger companies. They might not have a company network or maintain a corporate VPN. To control costs and improve productivity, SMBs may allow employees to use their personal mobile devices for work. But without a strong BYOD policy, the blurred line between personal and professional time opens the door to compromising company data.
SMBs and Mobile Devices: Who’s Minding the Store at WiFi Hotspots?
Nowhere is that security vulnerability more obvious than when employees connect to public WiFi hotspots. Since most WiFi hotspots aren’t encrypted, the data traveling them can literally be grabbed out of thin air. As a result, data theft is rampant. But that threat hasn’t stopped workers from routinely logging into hotspots. A 2013 survey by GFI Software revealed that over 95% of workers admitted using public WiFi connections at least once a week during their commutes to carry out work-related tasks, such as sending and receiving email, reviewing and editing documents and accessing company servers. More than one-third (34.2 percent) reported that they accessed public WiFi at least 20 times per week.
Think of it this way: Every time an employee accesses company information on a WiFi hotspot, the likelihood that your business will be the victim of a cyber attack goes up. For many SMBs, that risk isn’t hypothetical. More than 40 percent of small businesses report that they have been victims of a cyber attack that cost them thousands of dollars, according to a 2013 survey conducted by the National Small Business Association. Have you considered how much a cyber attack could cost your business? For many, the cost was too high: 72 percent of small businesses that suffered a major data loss shut down within 24 months. Make sure it doesn’t happen to you.
These are the simple steps you can take to protect every mobile device that touches your business.
How SMBs Can Secure the Mobile Workplace
- Make sure to install firewall and anti-malware apps on all mobile devices used for your business, and promptly install app and OS updates.
- Use strong passwords of upper and lower case letters, numbers and symbols and different passwords for each site. And uncheck the box that automatically saves them.
- Check before connecting to hotspots with strange names. Watch out for unusual variations in the logo or name of the establishment that appears on the login-page. That could mean it’s a fake hotspot designed to steal your data.
- Disable features that automatically connect your device to any available network. This will prevent you and your employees from accidentally connecting to a fake WiFi hotspot or a stranger’s computer.
- Disable printer and file sharing options before connecting to a hotspot.
- Limit your employees’ access to company data to include only what they must have to do their jobs. Also, make sure all the mobile devices used to conduct business – laptops, smartphones, and tablets – are protected by a VPN. VPNs like PRIVATE WiFi encrypt the data traveling to and from your mobile devices, which makes it invisible to hackers.