Business Security

Cybersecurity: Reality Check

Greg Mosher, 5 January 2018

Many of us have concerns about the use of technology, its security and the effects of breaches on business. But are our fears well founded or are we paranoid?

Avast asked small business owners and employees about their current concerns on a number of topics: from hacking and ransomware to mobile security and artificial intelligence. We then researched facts, stats and quotes related to each topic to see whether people’s concerns were corroborated by real world events, or whether we’re needlessly anxious...

This countdown shows the concerns of SMBs from most to least worried.

Reality-Check-Designs-Viruses.png

Are you concerned about viruses (malware, spyware, ransomware etc.)?  96% are

Reality-Check-Charts-Viruses-1.png
 
 

Verdict

  • The cost of attacks on businesses is growing
  • Malicious parties will always be trying new ways to con, trick and scam people
  • Many businesses are not prepared for attacks: training and software
  • You’re not paranoid!

Advice


Reality-Check-Designs-Mobile-Device.png

Are you concerned about mobile device security?  
91% are
Reality-Check-Charts-Mobile-Device-1.png

 
  • The Department of Homeland Security (DHS) report to Congress recommends security improvements within the mobile device ecosystem as threats are growing. The report also said that government mobile devices may become a way of attacking back-end computer systems
  • 40% of Australians have been victim to a mobile security breach and 25% have had one lost or stolen. 67% could be doing more to protect themselves.
    • 64% are doubtful that their organization can prevent a mobile cyberattack
    • Only 37 percent made a conscious appraisal for their company and decided there was not enough risk to warrant the investment
  • 20% of businesses have experienced a mobile breach
  • 24% don’t even know if they have or can’t tell whether they’ve had one
  • Only 38% of businesses employ a dedicated mobile security solution other than a standard enterprise mobile management platform
  • The 2016 Verizon Data Breach Investigations Report found no significant real-world data indicating corporate data breaches as a result of attacks on mobile devices
  • 31% of businesses said the biggest pain point with mobile security was resources needed to manage it
  • 65% of businesses said their main concerns related to BYOD were data leakage.

Verdict

Advice

  • Use corporate security awareness training to help users understand mobile risks
  • Companies and individuals should use digital security software on their mobile devices as they would their desktop computers
  • Set up devices to automatically lock after five to 15 minutes of inactivity
  • Configure devices to automatically wipe after 10 failed login attempts or if they are reported lost
  • Empower individuals to own their own device security
  • Automate compliance management
Reality-Check-Designs-Password-Hacks.png

Are you concerned about password hacks?
90% are

Reality-Check-Charts-Password-Hacks-1.png

Verdict

  • We’re working on it: companies are working on replacements of the password, including biometric data and two-factor authentication.

Advice

  • Use 2FA - two-factor authentication
  • Use upper and lowercase letters with figures and symbols
Reality-Check-Designs-Corporate-Data-1.png

Are you concerned about corporate data security and data theft?
89% are

Reality-Check-Charts-Corporate-Data-1.png

 

Verdict

  • Data breaches are on the rise
  • They directly affect companies’ bottom line
  • Small businesses are being increasingly targeted
  • You’re not paranoid!

Advice

  • Identify what sensitive information you have, what you use it for and where it resides.
  • Isolate or segregate sensitive data from the rest of your data and keep it in the smallest number of places possible.
  • Encrypt sensitive data.
  • Use a secure connection (SSL) for receiving or transmitting sensitive financial data.
  • Institute a good privacy policy, and make protecting sensitive data a part of the company culture.
  • Use a good firewall
  • Secure your wireless connection.
  • Keep digital security software up to date.
  • Create strong passwords
  • Password protect laptops and be careful where your employees use and store them.
  • Tether laptops to smart phones when out of the office
  • Vet third-party security practices.
Reality-Check-Designs-Wifi.png

Are you concerned about Wi-Fi security and breaches?
87% are

Reality-Check-Charts-WIFI-1.png

 

Verdict

  • Businesses are increasingly at risk from these threats as employees use public Wi-Fi or personal devices with work related, and often sensitive, data on.
  • As mobile Wi-Fi becomes increasingly common, you can expect Internet security issues and public Wi-Fi risks to grow over time.
  • You’re not paranoid!

Advice

  • Don’t use public Wi-Fi for online shopping and banking
  • Use a Virtual Private Network (VPN)
  • Implement two-factor authentication when logging into sensitive sites
  • Only visit websites with HTTPS encryption when in public places (not HTTP)
  • Turn off the automatic Wi-Fi connectivity feature on your phone, so it won’t automatically seek out hotspots
  • Monitor your Bluetooth connection when in public places to ensure others are not intercepting your transfer of data
  • Buy an unlimited data plan for your device and stop using public Wi-Fi altogether
  • Use SSL connections
  • Turn off sharing
  • Keep Wi-Fi off when you’re not using it
  • Stay protected with antivirus software
Reality-Check-Designs-Site-Traffice-and-Social-Media.png

Are you concerned about algorithm changes affecting your site traffic or social media channels?
66% are

Reality-Check-Charts-Algorithm-1.png

Verdict

  • Businesses that rely on traffic from social media or Google rankings can be negatively affected by changes
  • Some businesses treat social media audiences as ‘owned’ or having a certain fixed power, but changes to algorithms can diminish that power.
  • Many social media platforms state that changes are made to improve user experience. Though some seem to be made to help channels monetize their service

Advice

  • Work harder to create content that is more likely to engage with audiences.
  • Follow Google’s Webmaster Guidelines
  • Make your newsletter a ‘center of gravity’ for traffic, not social media
  • Employ an SEO agency to manage your site - navigate ‘algorithm storms’ and implement solutions.
  • Use free tools to monitor the effects of algorithm changes
Reality-Check-Designs-Artificial-Intelligence.png

Are you concerned about problems with artificial intelligence (AI)
46% are

Reality-Check-Charts-Artificial-Intelligence-1.png

  • Startups are using AI to dramatically drive down the costs of health care while increasing effectiveness.
  • Energy industry AI would be able to use predictive algorithms to balance grids and self-heal networks in case of bugs or hacks
  • AutoML (auto machine learning) allows one AI to become the architect of another
  • Singapore sets aside £83m for 100 projects that use artificial intelligence to solve “real-world” problems
  • Stephen Hawking: "I believe there is no real difference between what can be achieved by a biological brain and what can be achieved by a computer"
  • Elon Musk: “The development of full artificial intelligence could spell the end of the human race”
  • Mark Zuckerberg said “we can build AI so it works for us and helps us”
  • Google co-founder Larry Page: “AI will allow people to have more time with their family or to pursue their own interests”

Verdict

  • Artificial intelligence’s record so far is very positive
  • Our worries about AI seem based on movies not reality
  • ….as well as our own existential issues
  • AIs reaching the level of ‘intelligence’ or ‘consciousness’ of humans is still very distant - if impossible
  • Proceed with caution...

Advice

  • ...and relax.

Conclusion

It may come as no surprise that small and big business alike are concerned about the vast array of cyber threats they face. What is surprising is the lack of investment in preventative measures.

With half of companies being attacked by ransomware alone, SMBs could be doing more to protect themselves using trusted, high-quality internet security services like Avast.