BYOD For Small Business
Do you have a firewall? Do you have user permissions setup? Should you? For small business owners busy with the day to day tasks of running a business, it's hard to stay current on changes in IT threats. So it was no surprise to us when in a recent study performed by the SANS Institute on Securing Portable Data and Applications for a Mobile Workforce, it was found that organizations are lacking IT security and control over their BYOD and mobile workforce.
BYOD is Bring Your Own Device and it refers to when a business allows an employee to use their own computer, laptop or smartphone to access company files and data.
Employees that work from home, work remotely, or freelance on multiple projects using their own devices are all referred to as members of a mobile workforce. While there are many benefits to a mobile workforce, IT security has proven to be difficult. So why should you care?
Well, you may care because IT threats against small business have been steadily rising. New threats such as crypto locker are emerging. And experts say that many breaches are preventable but users don't do the basics, which makes a great case for managed services - having a dedicated IT support company taking care of the basics for you.
Let's quickly look at some stats and stories.
Mobile Work Statistics From The SANS Report
- 43% do not manage the desktops used by mobile workers creating a higher data security risk
- 30% of employees access corporate resources from unmanaged PC’s, which equates to a big risk of key logging and other data copying malware
- 25% do not have any controls or user permissions in place
- 13% encrypt data on USB keys - the other 86% risk data breaches or theft when USB keys are lost or stolen
- Download the entire PDF report here
Ask yourself, where do you fall within these stats? What would happen if your data was breached, deleted or stolen today?
You probably drive your car every day and never worry about being hit, until you're hit. It's the same with data breaches. You don't think it will happen to you until it does. The good news is, there is a lot you can do to prevent a breach. You just may need to hire a little help, and that's ok.
Is It Safe To Let Employees Work Remotely?
In my own experience as a former dental practice manager, I saw mobile workforce security problems first hand in an office I worked at, whereby a free remote desktop software platform was given to any employee who wanted to “work from home”. This meant that all confidential patient records were accessible from the employee at home - or anyone else using their home computer.
The larger problem was a lack of security control and antivirus on those home computers. Malware infected computers could expose confidential data to cyber criminals.
I am happy to say that after raising the concern, the owner stopped remote access for everyone except a few key members of the team. Security was reviewed with them, and they were reminded of the data privacy clauses in their employment contracts and prompted to update their computer security at home. These were all steps taken in the right direction. To take it to an even safer level, as a business owner, you should manage any offsite computers your employees use to access your company data. Safest yet would be to have a small business IT support company manage both your in office and off-site computers for you if your primary business isn't in IT.
As an IT Services Coordinator here at TUCU, I see small business owners in many industries making similar computer security mistakes. A lack of understanding the risk coupled with a one time stroke of bad luck could equate to a deadly blow to your business.
A few months ago, we had a young company call us to inquire about managed services for their team. Managed IT Services provide proactive security updates, user permissions, a firewall and better spam and threat filtering, and overall better network security and data protection. The new company loved our plan and prices, but they didn’t proceed. Here’s why. This young company had 2 marketing consultants who loosely worked with their team and had complete access to all their confidential documents. Those two consultants didn’t want any user permissions on their computers because they used their computers to freelance with multiple clients.
We explained to the client that the fact that the consultants used the same computers to connect to multiple networks, and that the computers didn’t have basic security provisions on them, and that we know nothing about the security of the other networks, all posed significant network security threats. We explained that it isn't possible to properly secure their network with two wild cards on it.
The consultants kicked up a storm and the fledgling company caved to their demands.
They felt they needed marketing guidance more than IT security.
It shouldn’t a be this or that decision.
If you need marketing help, hire consultants who will work within good BYOD and IT security protocols. Don’t forgo computer security to meet the demands of your marketing consultant. Because after all, one IT security breach could shutter your business, and no amount of marketing can fix that.
Some of the dire consequences we have seen small business owners with woefully inadequate computer security in place suffer include employee theft of entire client lists, employee misdirection of new leads, employee sabotage and more.
In these days of near perfect phishing attempts, crypto locker network viruses and a steady rise in computer security attacks against small business, solid network security is a must. Protect your business from internal and external threats.
While the statistics in the SANS report are shocking, at the same time, they are not surprising to IT professionals. We don’t want to sound like alarmists or Debby downers. We simply want to point out that while cyber threats are growing fast, there isn’t necessarily a corresponding rise in network security in the small business realm.
Today is a good day to invest in IT Security by hiring an IT Consultant to help you understand good practices and how to set them up. If you can't budget the necessary upgrades to close security gaps in your business, make a plan to do things in chunks. Progress is better than doing nothing at all. And your computer security certainly won't improve on it's own, so be prepared to listen, learn and make a plan to move forward with IT security improvements. A good consultant will be happy to take the time to explain things, answer your questions, and help you understand why you need to make changes.
BYOD & IT Security Solutions in Toronto: For IT security support in Toronto, call on TUCU. We have been designing and implementing SMB IT Solutions since 2003. We offer everything from basic computer support to IT security assessment, remediation and IT management services to help you run and grow your business. Schedule your free consultation today. We'd love to speak with you about your IT needs.