A new normal for businesses amidst a global pandemic: What SMEs need to know
- In this post-Covid-19 world, remote working has become the new normal for businesses.
- Businesses have realised that there are many advantages to this change in working habits, such as increased productivity, decreased capital expenditures, better work-life balance and the ability to hire the best talent in the world, no matter their location.
- However, working remotely opens a business up to new and varied risks especially when it comes to cybersecurity and exposure of sensitive information such as trade secrets, employees and suppliers’ details and financial data.
- SMEs thus have to improve remote security practices for a safer and more productive working environment. They have to combine the right tools with continuous education for employees on cyber threats and how to combat them.
In consideration of the global COVID-19 pandemic, remote working processes have become the new normal for businesses. Even after the pandemic subsides, this stark change in working habits has shown many businesses that there are advantages to operating remotely. Increased productivity, decreased capital expenditures, better work-life balance and the ability to hire the best talent in the world, no matter their location – are just a few of the benefits businesses are starting to understand and embrace. However, working remotely opens a business up to new and varied risks beyond normal office environments. For instance, cybercriminals have found ways to exploit the increased popularity of telecommunication tools, particularly Zoom. Known as “Zoombombing”, unauthorised users are able to hack into a Zoom conference to capture screenshots of confidential screen shares and record audio and video from the meeting, or interrupt the meeting with inappropriate content. The criminals may then sell information stolen from these meetings on the dark web or use the information to orchestrate a more convincing phishing attack in the future. Cybercriminals will continue to exploit this increasing number of attack vectors as more businesses move into the “new normal”. Another risk involved with remote working is the high potential of cyber attacks over unsecured networks. Due to the increasing number of home workers, many are operating and transmitting sensitive information without a virtual private network (VPN). In a poll conducted by PCMag in February 2020, 71 percent of correspondents mentioned that they have never used a VPN before. This lack of data encryption opens up easy routes for cybercriminals, allowing them to obtain sensitive information such as trade secrets, employees and suppliers’ details and financial data much more easily than they would if employees were working over their secured office networks. In today’s cybersecurity climate, the opinion that small and medium-sized enterprises (SMEs) are “too small to fail” is no longer valid. With less resources and technical know-how, SMEs are typically the first targets as cybercriminals are able to leverage their business function as suppliers to gain access to bigger companies. Moreover, cybercriminals are constantly devising new and sophisticated ways to take advantage of security gaps. This makes it even more important for SMEs to ramp up their remote security systems (RemoteSec) to be ready for the new normal for businesses.
New normal for businesses: How can SMEs be prepared?
Preparing SMEs for RemoteSec
In the face of a pandemic, SMEs that were already lacking the appropriate infrastructure are now burdened with yet another cybersecurity challenge – to improve remote security (RemoteSec) practices for a safer and more productive working environment. For SMEs, this may sound like no easy feat, but here are some of the best practices to follow:
In managing customer data and critical logistics operations, what are the key cyber security considerations for SME business leaders?
Conduct security training
Begin by conducting thorough and widespread security training across your entire business. Essentially, the most efficient way of dealing with security threats is to ensure that your employees have the right security tools and resources to defend themselves, regardless of where they are and what network they are using. Securing your employees means securing the company, as human errors continue to be the number one cause of security breaches. In addition, for a more well-rounded RemoteSec posture, document and regularly practise remediation plans, exploring the most critical and likely attack scenarios. This will allow your executives and employees to make the best informed decision when a cyber attack presents itself.
Conduct a thorough cybersecurity audit
Conduct a thorough cybersecurity audit to ensure that you have the right tools for your business. Consider a layered stack of security tools that can be integrated together for a seamless and comprehensive set of protections. If that seems overwhelming, consider working with a managed service provider (MSP) to help ensure a proper security solution without having to research and manage it yourself.
Practise a scheduled daily scan
Next, remember that your IT operations and security teams may have also gone remote. This makes efficiency and process more important than ever. Routine is your friend, especially considering that the longer devices are out of the office, the less secure they become. Practise a scheduled daily scan for verifiable security. Then, establish a prioritisation scheme for high-value individuals such as executives or departments like finance, by scanning their systems two or more times a day. In order to maintain productivity and performance, it is best to use an efficient cloud-based solution. This will bolster security, monitoring and remediation efforts, whilst minimising risks.
Do not treat remote devices differently
Lastly, when an attack hits, do not treat remote devices any differently than you would the ones that reside inside your firewall. With so many remote users, it is critical to act quickly to isolate and recover compromised endpoints before the attack sprawls. Work to reduce your remote security operations’ response time from days to just minutes, and ensure that remote isolation and remediation are automated and effective. This can be done by leveraging expert incident responders to recover remote endpoints after a successful cyber attack. In doing so, the network will be as well protected from exposure through remote workers as when employees are in the office.
Cyber threats can be avoided
Cyber threats are here to stay in the new normal for businesses, but there are means and measures that businesses can take to turn these threats into empty ones. The most effective way to strengthen security and deter cyber attacks is to combine the right tools with continuous education for employees on cyber threats and how to combat them. A company’s infrastructure is only as secure as its weakest link and cybersecurity is everyone’s responsibility.
This article originally appeared in the Entrepreneur's Digest print edition #92 and has been edited for clarity, brevity and for the relevance of this website.
About the Author
Matthew Drake | Vice President, Asia Pacific | Malwarebytes
With over 20 years of experience in the cybersecurity industry, Matthew Drake is responsible for strengthening Malwarebytes’ channel partnerships and driving growth in a highly competitive sector across the Asia Pacific region. Passionate about security, Matthew works with customers to ensure that their evolving security demands are met and above all, keeping their remote workforces safe during this time and into the future. Together with the Malwarebytes’ team, his mission is to protect people and businesses against the latest dangerous cyber threats.