Wed 28 October 2020
SME – Myth #5: “My IT manager assures me that life is all good on the home front.”
If your IT manager tells you this, I would advise you take it with a pinch of salt. The swift and unprecedented migration from the office to remote working has thrown up myriad security issues no one – from the enterprise to your SME – could possibly be prepared for. Ask yourself: ‘Could someone really, comprehensively protect all of your company’s assets, and personal connected devices being used for homeworking, without weeks, if not months, of preparation?’
The answer is: they couldn’t.
Many of those organisations that did manage to respond in some way were rushed implementing fundamentally inadequate and insecure remote access solutions. This poses a significant issue to all businesses whereby employees are directly targeted by COVID-19 scams which seek to exploit this remote access software by gaining unauthorised access to secure systems and sensitive data. Equally, as businesses open-up their critical infrastructure to be accessed by their entire remote workforce, cyberattackers will be looking for new ways to break into their systems. SME’s may be further down the supply chain but they are increasingly the main target for cyberattackers looking to hijack their way into the larger enterprises.
Given the increase in the number of cyber-attacks on remote workers, SMEs, their IT managers and employees will have to step-up to defend themselves. This begins with acknowledging, rather than underplaying, the severity and enormity of the dangers at hand and adopting a vigilant and suspicious mindset. Of course, no one solution can fully protect against the growing array of attack vectors cybercriminals have in their arsenal. Therefore, enforcing a multi-layer defence strategy – deploying various security controls at the network and endpoint levels – is imperative.
As the first line of defence, enforcing inbound and outbound network traffic security checks is crucial. At the second, it’s vital to deploy a malware protection for endpoint devices by utilising both traditional malware scanning and behaviour analysis. That way, even if a system is compromised, the attack can be detected and disrupted before the damage is done. Thirdly, security awareness training should play a central role in the overall security strategy of any organisation. By raising awareness, organisations can significantly reduce their risk exposure to cyber-attacks. This becomes even more critical as we see the reliance on IoT devices increase to 74.5bn by 2025.
The trade-off between security and convenience means that employees will not be able to consistently detect and avoid targeted and sophisticated phishing attacks. BlockAPT with it’s robust overall defence-in-depth security solution can provide a holistic view of your security ecosystem providing the strongest protection to ensure that attacks do not reach employee in the first place.
If you are an SME, BlockAPT can support you to prevent the ever-increasing number of cyber threats and attacks facing your online web applications while you’re dealing with the challenges of having to deploy a distributed workforce.
To explore our platform, please register here.
Read more from our SME blog series:
CMO – BlockAPT
Email: [email protected] | LinkedIn: @rajmeghani
Passionate about cybersecurity, technology and enabling digital transformation.