Small- and medium-sized enterprises (SMEs) have always been in the spotlight when it comes to security risks and breaches, but the intensity is increasing exponentially during COVID-19.
Right now, many businesses are preoccupied, working in survival mode as daily routines have been disrupted and cash flow has diminished because of the pandemic. It’s understandable that data protection has slipped down the priority list, but it’s now time to give it top billing. It’s especially alarming, given that only 40% of small-business owners have implemented some kind of cybersecurity policy, according to a recent Cyber Readiness Institute (CRI) survey.
As businesses adjust to people working remotely, half of those surveyed expect a rise in cyber incidents, according to the report. Nefarious phishing scams are bound to increase, so this is no time to lapse on best practices for data protection. Instead, critical concerns for SMEs should include implementing new policies around emails, protecting sensitive data and cloud-based communications.
Ensure Emails Are Safe
Conducting business with personal email accounts (and hoping for the best) may have gotten businesses through the first few weeks of lockdown, but it’s now long past acceptable. If, according to TechJury, average office workers sent approximately 40 work-related emails and received about 90 daily before COVID-19, imagine how that number has surged. Email has a more prominent profile in communications, replacing many in-office conversations and face-to-face meetings. Therefore, steps must be taken to ensure email exchanges and associated attachments are safeguarded.
SMEs are at a distinct disadvantage here as traditionally they lack a chief information security officer (CISO) or chief data officer (CDO) to guide corporatewide data protection policies. Adding fuel to the fire: Under many work-at-home scenarios, corporate IT staff have been replaced by quarantined teenagers and secure data center servers have been supplanted by household cable modems.
Focus First on Protecting Data
So, how should SMEs reduce their data security risks? The most obvious place to begin is the area that poses the most organizational risk and has the most value: data. It is critical to protect data at the point of creation and flag potentially sensitive information before it is sent in the body of an email or as an attachment.
Equally important is understanding that unstructured data—back to those pesky emails and file attachments—often carries the most risk. And, finding all the places where sensitive data exists is analogous to locating a needle in a haystack. That’s why identifying, classifying and protecting data based on its content and context is essential.
Caution With the Cloud: Be Responsible
As more SMEs move to the cloud, many are experiencing integration problems with existing data protection tools. This causes siloed security ecosystems, where false negatives occur, as well as stifled rollouts and increased friction from users.
While relying on cloud-based communications for work-at-home environments will improve protection of most business conversations, the solution is not fully sufficient. With millions of people now working remotely, new cybersecurity risks are emerging, most notably because people are accessing and sharing information—some of it bound to be confidential—via the cloud.
Working with a cloud service provider (CSP) will improve cyber readiness, but this doesn’t make SMEs impervious to threats and breaches. Leading CSPs are well-trained when it comes to cybersecurity, but the reality remains that companies themselves are ultimately responsible for making sure employees are versed in best security practices.
With limited IT support, SMEs need data classification solutions that are simple and quick to deploy, so sensitive data can be identified, classified and protected while also meeting privacy regulations. With proper data safeguards in place, companies don’t have to rely solely on VPNs and firewalls, which can be ineffective and/or impact operations.
Get Comfortable With Working From Home
The key for SMEs is to be prepared, especially as working from home becomes the “next normal.” A survey by Global Workplace Analytics estimated 56% of the U.S. workforce jobs were compatible with working remotely before COVID-19 hit, and it appears that percentage will rise significantly in the future.
Nationwide Mutual Insurance Company, which shifted to a 98% work-from-home during COVID-19, announced it will embrace a hybrid model permanently going forward. Facebook declared that many of its employees will remain home-based going forward. The CEO of Morgan Stanley, where 90% of employees currently are working from home, promised the company will embrace “much less real estate” in the future.
There’s no better time for businesses to lower security risks so employees and those responsible for data security feel more comfortable with work-from-home transitions. While everyone hopes the pandemic will be over soon, the lasting effects stand to transform where and how workers perform their jobs forever.