Dave Adamson, CTO, Espria
The modern business model is one of agility. In the past few years, we have seen a growing number of small and medium-sized enterprises (SMEs) discarding traditional, hierarchical ‘top down’ infrastructures and creating flatter and more flexible structures. As reported in Mimecast’s “State of Email Security 2023 Report”, the modern work surface is dependent on collaboration tools, embracing ways to integrate communications and messaging with project management.
While this culture promotes innovation, collaboration and an entrepreneurial work ethic, it easily puts strains on IT systems designed for a different age. Veeam’s Data Protection Trends 2023 Report highlighted that nearly 80% of organisations currently have a protection gap. Many organisations are struggling to achieve agility with legacy IT that has been designed for slower and less dynamic business structures.
This has thrown up significant security challenges over how data is used and shared. SMEs are, in particular, ignoring data security as they rush to adopt applications to improve work processes. Change is needed to the attitude of IT operators currently failing to keep their business dynamic whilst maintaining data protection. Businesses must adopt best practices to keep their organisations agile and their data secure.
Embracing cloud-based storage platforms
Many small firms keep their files on a Network Attached Storage device (NAS). It works much like a USB drive or a local hard drive and is stored in a separate workstation of a small server. Whilst this is typically the easiest and most straightforward route for SMEs to take, it can bring several data security problems.
Aside from hardware failure concerns (resulting in a complete loss of company data), flat organisational structures can typically lead to data corruption from compromised computer systems. If all employees are accessing a NAS from multiple stations and devices, the threat of virus infection or Trojan backdoor software attack rises. Avoiding detection, malicious software can copy, restrict access to or simply delete large amounts of your data.
Instead, small and agile businesses would benefit from cloud-based software systems, such as Microsoft 365. Enabling flexibility and remote working, cloud-based storage options cannot be hijacked or infected. With third-party management, your provider can enact strong security features around them, shouldering the risk of their protection and enabling your own business to focus on where it can best add value.
Ensure robust staff training
Even if you have the most secure data storage system, your data can be compromised through your employees’ actions. More specifically, a lack of cyber self-defence can seriously impact the security of your business’ information. The key to preventing this is to make sure all your colleagues are fully trained in the best online and data-management practices.
Firstly, make sure that your staff are fully trained in security awareness. Employees are commonly a hacker’s first target and point of entry, so it’s best not to overlook this. Ensure they’re trained in spotting the major warning signs of a data breach, such as “out of character” events like a 3:00 AM login or a “ghost” user. Enabling staff to spot these signs means that they can perform basic actions to prevent possible attacks before they start.
In addition, make staff aware that it is never advisable to save files locally rather than on a secure storage platform. As with NAS systems, malicious software can easily access sensitive files stored on a local hard drive. Training staff in the dangers of such practices can ensure your data remains secure while working without a rigorous hierarchical infrastructure.
Don’t lose track of office devices
Strong cybersecurity training could easily be undermined if a business owner does not ensure every office device is properly secured. Without endpoint protection across workstations, laptops and mobile devices, an agile business’ data security is at serious risk of attack. Thankfully, there are some simple steps a small businesses can take to prevent this issue from taking hold.
For workstations and laptops make sure every device has trusted anti-virus software installed that is regularly checked and updated. This is basic, but essential – as a first point of defence anti-virus software can be invaluable at protecting against attacks.
When dealing with mobile devices, managing how and where they can access your data is critical. In a fast-paced, active and agile business, employees could need to work from anywhere at any time. However, it is important to ensure that the network they use to log into your storage is secure and trusted. Enforcing company policy to deny access from insecure cellular or Wi-Fi services enables staff to work from any location and protects company data from malevolent attacks.
Remember; the SME of today is the large corporation of tomorrow. Some data attackers can attempt to gain access to your data today in order to take advantage of your information down the line. Through a secure storage platform, robust staff training and being mindful of office devices, nimble business owners can ensure their company information is safe and protected well into the future.
