With all of our work lives and digital business increasingly dependent on the internet, any downtime means loss of earnings.
Incoming regulations and European Union directives, while they may seem arduous and daunting, especially to smaller enterprises, are necessary. The housekeeping they will enforce is necessary to protect businesses from risks. The consequences of delaying action could be hugely detrimental to business.
According to Karl McDermott, head of connected solutions at Three Ireland, all businesses should consciously develop a security policy, based on awareness of risks, development of security tools, monitoring and detection, response and recovery strategies, and continuous training.
Working with Three’s varied business clients, from single home office users to large multinationals and government departments, McDermott says: “They all have the same need to protect their employees, customers, data and systems.”
While it may seem pessimistic, he advises the best way to approach cybersecurity is to “Assume that the company will be attacked and deploy tools to automatically identify threats, to recognise malicious and unusual behaviour and to take action against these threats.”
Among the common cybersecurity issues that are top of the agenda at the moment, he cites ransomware as the most worrying currently: “Cybercriminals are using increasingly sophisticated extortion techniques to steal data and then to encrypt the data.”
In terms of security tools needed to protect the company’s crucial data services and assets, McDermott says: “This is typically security applications on laptops, mobile devices, firewalls on networks and any other devices connected to the network.”
McDermott’s key advice to business owners is not to forget mobile phones in their cybersecurity audit: “The number of security attacks on mobile devices [mobile phones and Internet of Things devices] are increasing rapidly. Historically businesses have tools to secure laptops desktops and servers using antimalware, anti-spyware and antivirus software. Mobile phones need to be protected in the same way.”
David McNamara, chief executive of CommSec, sits on the Cyber Ireland committee for SMEs. (Cyber Ireland is the national cybersecurity cluster organisation that brings together industry, academia and government to represent the needs of the cybersecurity ecosystem in Ireland.) Cybersecurity is an issue it is trying to push nationally – “Every business to have at least a baseline framework that they can adhere to” – particularly when it comes to SMEs.
“SMEs are such an important part of the national supply chain, that they’re the ones that are getting hit in order to get into larger organisations,” he warns.
When it comes to setting up security tools, he advises not to stick with the default settings on devices, but to spend the time to configure them correctly: “Configuring it for your particular device, whether that’s a laptop or desktop, mobile phone or even a server or a firewall.”
McNamara advocates for taking the time to make sure security patches are up to date to make sure any vulnerabilities in the operating software or applications you are using are fixed, even though the time it takes can slow down workflow. “Attackers are hoping you don’t do this because that’s their way in. Once you have access to the internet, they can go in and exploit those vulnerabilities,” he warns.
He is concerned that for some smaller companies, security is an afterthought. It’s an issue CommSec looks to solve for its SME customers, with an affordable service called Business Secure, which covers the three key devices per user – desktop, laptop and mobile phone.
While it can seem overwhelming for small businesses, who, particularly after going online during Covid, just want to trade, McNamara maintains there are simple things to prioritise that will make a huge difference and protect them against phishing and ransomware attacks. “Educating your users what to look out for will stop a lot of those attacks, enabling MFA will stop an awful lot of those attacks; between those two things alone you will stop around 80 per cent of attacks.”
The other key critical thing he advises is backing up data. With password protection, MFA and encryption to secure data, “that makes it very difficult for any attacker to get in”.