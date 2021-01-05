The unfettered access and flexibility that mobile applications and cloud-based networks provide employees has been a boon for many small and medium-sized businesses. But as Sean Sullivan, a security advisor at F-Secure, emphasizes, “Always on and working from anywhere means more devices and a larger attack surface area.” Even diligent and tech-savvy individuals who are cautious about their online behavior can be victimized by malware that takes advantage of vulnerabilities in software commonly used by browsers and programs, such as Adobe Reader, Flash players, and others, he says.

These type of threats are known as exploit kits, and they’re among the biggest threats to SMBs because device users frequently neglect to update their software, putting the businesses for which they work at greater risk. “More than half of what F-Secure is blocking these days are exploit kits,” he says.

The always-on culture presents risks from both the employee and employer perspective, each with a unique viewpoint, says Aaron Sanders, senior cybersecurity consultant at Nuix. For employers, the major risk is multiple devices being carried to far-off locations, protected with unknown levels of security and containing vast quantities of valuable corporate content. “More companies need to be asking themselves what kind of risk they’d be exposed to if ‘x’ device were lost or stolen,” he says. For employees, the greatest threats are privacy violation and the potential theft of their personal information.

There are important steps SMBs can and should be taking to protect themselves against these threats, starting with the use of a strong authentication process rather than passwords alone, says Craig Lund, CEO of SecureAuth Corporation. “Two-factor authentication has been around for some time, but innovations have brought us the ability to deliver adaptive techniques that provide strong security and frictionless user experience, which addresses one of the most frequent reasons organizations don’t step up their authentication -- user complaint,” he says.

Darren Guccione, CEO and co-founder of Keeper Security, notes that employee negligence was the cause of more than one-third of 139 data-breach incidents in 2014 in which the cause could be identified. “Much of this is due to ‘password fatigue,’ where employees use the same password for all of their logins,” he says. “In fact, 90 percent of employee passwords can be hacked within six hours.” SMBs should train their employees to use strong, unique passwords at least eight characters in length and containing a combination of upper- and lower-case letters, numbers and symbols. A password manager can be a beneficial safeguard because it relieves employees of having to come up with their own passwords; instead, the manager randomly generates those passwords and stores them, along with other documents and information, in a secure, encrypted vault.

Focusing on a few basic safeguards can greatly increase the level of protection for SMBs dealing with mobile security challenges, says Gary Davis, chief security evangelist at Intel Security. He suggests making sure every device has basic anti-malware security installed, and that a secure Wi-Fi network and firewall is implemented in the work environment. “Education is key. Taking steps to regularly educate and inform your employees about what’s going on in security will demonstrate that it’s important and encourage a safer online experience,” he says.

One of the biggest mistakes SMBs make in this area is forgoing mobile security software on the erroneous assumption that this is an enterprise-grade problem, and that its solutions come with enterprise-grade price tags, says Max Silber, vice president of mobility at MetTel. “In reality, there are many SMB-tailored mobile device management (MDM) software options and company-issued-device solutions that are scaled for the SMB market, both in pricing and services,” he says, adding that SMBs should look for strong, scalable solutions with industry-specific services.