5 of the biggest cyber security threats to your start-up
Cyber attacks continue to rise among small businesses. Nuance Communications’ Jeff Segarra offers advice to help you protect your start-up...
Digital technology has made it easier and more cost-effective to do business than ever before, whether locally or on a truly global scale. But, with these opportunities, comes considerable web security risks so it's imperative that you protect your business.
You could be forgiven for thinking that hackers only go for the big fish of the corporate world, but in fact Symantec’s 2016 Internet Security Threat Report revealed that 43% of phishing attacks over the previous year were carried out against small businesses.
This threat is growing year on year, with this figure representing a considerable jump from 2011’s 18% so you would think that small businesses would be on full lock-down.
However, a recent survey – carried out by Nuance – found that only 50% of workers at all levels within UK businesses thought that document security was important, while a survey of international small-and-medium enterprises found that only 20% were worried about sensitive information reaching their competitors.
Fortunately there are ways to protect your business against the threat of cyber crime. Take a look at the top five cyber security risks to your start-up, and what you can do to protect your business…
#1 – The Internet of Things (IoT)
The internet is continuing to evolve rapidly, and one of the most significant mutations is the Internet of Things (IoT); that is, everyday items, from toasters to air-conditioning units, which are connected to the internet. According to a report by SpiceWorks, the most common IoT devices are video/surveillance equipment, electronic peripherals such as projectors, security locks and devices, sensors, and appliances.
While this again is opening up new opportunities, there are very real security risks associated with these devices, due to the fact that security has often been an afterthought of their design. SpiceWorks found that 70% of IT professionals believe that manufacturers “aren’t putting proper security measures in place.”
The risk of this is that these devices may be effectively creating easily penetrable backdoors into your business networks.
How to avoid:
- Know the risks – To protect against the threat they represent, you must first understand what IoT devices are present in your business. As part of your IT security strategy, include all IoT devices and detail any known security flaws.
- Protect – Any and all data passing through IoT devices needs to be protected using the same levels of protection – such as encryption and firewalls – as you would apply to any other part of your network.
#2 – BYOD (Bring your own device)
Whether its mobile phones, laptops or IoT devices such as smart watches, chances are your employees are bringing their own devices to work and connecting to your network on a daily basis.
This constitutes a threat for a number of reasons. A report by Crowd Research Partners found that 72% of IT security professionals were most concerned about data loss or leakage, 56% cited unauthorised access to company data or systems, 54% raised issues of downloading unsafe apps or content, while 52% malware.
How to avoid:
Many businesses will want to give their employees the freedom to use their own devices at work, but first you must take necessary precautions:
- Carry out a risk assessment – Identify each of the risks presented to your data and your network by people bringing their own devices to work.
- Set out a BYOD policy – This should incorporate things like ensuring that employees’ family members or others do not access sensitive work data, what contingencies are in place should a device be lost with work data on it, or if an employee leaves the company.
- Educate and make someone responsible – Make sure that the whole business is aware of the risks presented by BYOD and take necessary steps to avoid these. Make one member of staff responsible for monitoring and enforcing your BYOD policy.
#3 Document management
According to a survey by Accusoft, 34% of IT Managers have had problems with sensitive information being compromised due to poor document management. Improper document management – such as failure to use passwords/encryption can result in private data or customer details being accessed without authorisation.
The financial penalties, the potential for brand embarrassment and the damage to your competitiveness that this can cause should not be underestimated.
How to avoid
Switching to the PDF document format for all of your sensitive documents is a good first-step but it’s important to realise that PDFs aren’t inherently secure – you need to secure them using professional PDF software to:
- Encrypt and protect documents – Once encrypted, PDFs can only be opened via a password or an appropriate digital certificate. This helps ensure your data is only accessible by those who should have access.
- Redact information – Power PDF can effectively remove sensitive information such as customer details from a document.
- Manage rights – To control and protect your data and documents, it’s important to control who is able to view or edit them.
- Apply digital signatures – A digital signature is a way of ensuring that a document has not been altered since being signed by an authorised person.
#4 – Printing
Despite the array of purely digital threats that exist, the humble printer remains a critical security liability. A survey by Danwood found that 27% of UK office workers have thrown away documents without shredding, and 24% have left documents in the printer tray and forgotten about them. Hardly surprising then that 63% of businesses surveyed admit to experiencing one or more data breaches related to printing or multi-function printers (MFPs).
According to Information Age, 64% of IT managers believe that their printers may be infected with malware, the presence of which can compromise any secure documents sent to them.
How to avoid
A recent whitepaper by Nuance made a number of recommendations for secure printing, including:
- Require user authentication – By ensuring that all printer usage is logged to a specific user, you can trace the source of any breaches.
- Restrict access based on user level – Your print device should allow you to state what a user can and cannot do based on their access privileges. For example, some types of users might be restricted from using the scan function to send to an external email address.
- Encrypt data sent to the printer – Hackers often see printers as ‘soft’ targets.
- Require physical pick-up – Use a keycard or password to ensure that the user is at the printer when it prints.
#5 – Human error
There’s no doubt that malicious cyber attacks are a substantial threat but, according to statistics obtained from the UK Information Commissioner’s Office, human error accounted for 62% of reported data breach incidents. The most common error was simply sending data to the wrong recipient (17%).
In 2014, IBM’s Chief Information Security Officer Assessment found that 95% of incidents involve an element of human error.
How to avoid
- Training – Provide guidance on proper procedures and checklists that can be followed to ensure proper practice is followed.
- Identify and correct bad habits – Have a system for identifying when potential breach situations occur.
- Eliminate possibilities – Once you’ve identified where potential errors may be made, you may be able to put systems in place to prevent them from occurring, such as confirmation boxes and verification codes.
There are many cyber security threats out there that can put your start-up at risk, but with the tips above you can begin to prepare for them, and hopefully prevent them from occurring.
To find out how Nuance can help you eliminate threats to your data, visit its page on PDF security and rights management.