In this edition of Connected Thinking with Virgin Media O2 Business, data security experts Anton Davies and Stephanie Nisbet explore the risks of poor security investment, and the steps to ensure your data is safe and secure, wherever it needs to go.
As medium-sized businesses continue to implement the latest tech to keep up with employee expectations and increasing customer demands, their data needs to do more, in more places.
Employees accessing information from different devices and locations has allowed for more seamless and agile work. But it has also opened businesses up to very real risks.
In our recent report, ‘Medium businesses: Fuelling the UK’s economic engine’, we found that nearly a quarter (24%) of medium businesses cited security as their biggest internal challenge.
According to Sophos, last year over half (57%) of medium businesses across the country were hit by ransomware attacks, which is just one example of a malicious attack on data. The average cost to each organisation to rectify the impact of an attack like this is over £600,000.
There’s no denying that for a medium business, undue costs such as this can be catastrophic.
Fortunately, there are simple and actionable tactics that businesses can employ to prevent these kinds of risks.
The key is to be proactive and get ahead of potential threats by shoring up your defences and ensuring you have the right policies in place to protect your devices and your employees, wherever they choose to work.
So, what steps do you need to take to ensure your data stays secure?
- Understand the risks before they can have an impact
Often, one of the issues businesses face is understanding what cybersecurity looks like in today’s world, and what solutions are out there.
72% of medium-sized organisations have experienced an increase in either the volume, complexity, or impact of 
cyber-attacks in the last year, and phishing attacks have only become more sophisticated post-pandemic.
Solutions are becoming more advanced to tackle this growing risk. With it being harder than ever to sort legitimate communications from potential threats, security tools are now designed to identify suspicious behaviours within a customer environment.
One example of a security solution is Unified Endpoint Management (UEM), which allows you to monitor and manage a whole suite of devices through a single platform. This means you can protect not only your office equipment, but the personal devices that your employees use to access company information, enabling more secure hybrid work.
Investing in cybersecurity solutions like this can also help businesses mitigate future costs. Cyberattacks are expensive (86% of ransomware attacks cause a loss of revenue), and so too is the mismanagement and replacement of user devices such as laptops and mobile phones.
Businesses also need to consider compliance with cybersecurity regulation, which is increasingly calling on businesses to prove they have the security essentials in place to minimise the risk of costly pay-outs.
In today’s tough economic climate, risk is the last thing businesses need. Doing the due diligence now will lead to a more secure and reliable future. Often this can be as simple as a certificate of training, such as the Government backed Cyber Essentials scheme.
As the complexity of cyber-attacks grows, so does the onus on businesses to ensure they are protected. So, make sure you’re up to speed with the consequences of poor data security by challenging your suppliers and leaning on your IT teams. Together, you can prioritise the investments that will minimise risk.
- Get your employees up to speed with security policies
Although many cybersecurity solutions focus on protecting your critical infrastructure, it’s important not to forget your endpoint devices – the ones used by your employees.
The way your employees interact with business data in the hybrid world can open you up to risks. Employees need to get up to speed on how to properly interact with their devices, because monitoring solutions can only go so far.
When you supply business devices, you can use software such as MaaS360 or Microsoft Intune to add layers of protection. For example, these tools can put in place conditional access rules to cloud services, or automatically detect and remove malware on devices.
However, it can be harder to prevent employees from risks on unmonitored personal devices, often requiring more training and HR policies to educate your employees on best practices.
In general, policies such as enforcing two-factor authentication on all devices that employees use to access company information, and ensuring all mobile devices are secured with 4-digit pins that are regularly changed are quick wins to reinforce your security.
Requiring your IT teams to keep track of your device inventory and implement regular digital health check-ups can also help ensure antivirus and antimalware software is up to date.
The key here is to seek support from your supplier to explore how your employees need to interact with their tools, and where possible weak points may lie.
Only then can you ensure that your employees are a part of the solution, keeping your data safe beyond the office and working more productively in the process.
- Ensure your solutions are tailored to your business needs
There’s no one size fits all approach to cyber strategies. With medium businesses, often the responsibility falls to a small IT team that may not have the resources to manage an entire security system.
This is when it’s important to challenge your suppliers to deliver the level of support that you need. For some, this may be assistance with implementation and a hotline to answer any questions. Others may require fully managed services with dedicated account managers and a fully realised support strategy.
For example, a Device Enrolment programme may be a good choice for a business struggling with the upkeep of mobile devices. Your UEM solution can be applied to each device for you, taking the pressure off your IT team and giving you the benefit of true corporate ownership of every device.
Solutions like this are key to a good cybersecurity ecosystem, one that doesn’t require too much time to manage and oversee. Monitoring and prevention systems are there to free up your IT teams to focus on improving employee experience and deliver maximum value.
- Consultancy is key to helping unlock this value.
The world of malware, viruses, and ransomware can feel daunting. But they are also opportunities to reflect on your security strategies and make the changes today that will help you tomorrow.
With the right partner, you’ll be able to rise to new security challenges together.
Get in touch today to talk to one our experts about finding the right solutions for your business.
