How can I make my small business cyber-secure?
Apple rolled out an update to its iOS 16 to fix two major security flaws in February, urging users to upgrade now to avoid cyber threats. It’s not the first time the tech giant has issued security warnings this year, with owners of older Apple models also being urged to upgrade their settings. With hybrid working here to stay, many teams are using their personal devices for work. But what does this mean for business security?
All businesses, big or small, can be the target of a cyberattack. A 2022 Government report found 39 per cent of UK businesses have identified at least one cyberattack within the past twelve months, and almost a third of businesses are attacked as frequently as once a week. And it’s likely that the true figures are even higher than these, as just detecting a cyberattack requires a minimum level of cyber security to already be in place.
The risk of a business being a victim of cyberattacks can increase with the use of bring your own device, or BYOD, policies due to the security challenges that using personal devices for work activity can bring. So what are these challenges, and how can we overcome them?
The challenges
With an increase in working from home, many employees are still using their personal mobiles for work. Apple’s security fixes highlight the need for continuous updates to ensure devices stay protected throughout their lifetime. But not everyone updates their phone immediately, and some may not update altogether. When these devices are used for work purposes, they can expose the business to unknown threats, potentially putting its security at risk. And because these are personal devices, rather than employee-issued, it’s very difficult for the employer to enforce any kind of update.
Preventing employees from accessing unsafe sites and applications can be done on managed devices and applications, but again, that’s not so easy to achieve on personal devices. Users might be less inclined to report potential security issues in case it results in having their personal device investigated.
Combined with other issues such as user and password sharing, as well as the difficulty of wiping company data on a lost or stolen device, the scope of the problems with personal equipment become apparent.
Achieving greater security
Luckily, there are workarounds. One method of achieving greater security within the BYOD model is to implement a Mobile Device Management, or MDM software. MDM software can be installed onto individual devices with an IT administrator managing the overall infrastructure. The administrator can then enforce policies across the system, such as ensuring new security updates are installed or wiping company data from lost or stolen devices.
And to alleviate privacy concerns, some MDMs can compartmentalise company data separately to the rest of the device. In this setup, security policies are enforced only on the resources and applications relevant to the company, allowing employees to feel reassured that the rest of their device is still private to them, while maintaining business cybersecurity.
However, MDM isn’t a one-size-fits-all solution. Different devices and operating systems can pose a challenge and may require more than one MDM software or policy to be supported. This can also lead to those on more uncommon or older devices being overlooked, which can render the rest of the system useless if those devices are subjected to attack. And the cost implication of purchasing and running multiple MDM solutions can be unappealing, particularly for businesses that are only using it to support a relatively small number of devices. So, what’s the best solution?
Stepping away from BYOD
Moving away from the BYOD model and towards a policy of employer-issued business mobiles is the ideal. By opting for a business-owned and business-managed model, the company has complete control of its security infrastructure from start to finish. Hardware and operating systems can be chosen to fit the needs of the business and provide a uniform topology, which can be helpful in ensuring other business software and applications are functional on these devices.
Changes to policies can be made quickly and with ease, meaning that the entirety of the business stays up-to-date on its security. And the benefits of business mobiles are likely to extend beyond the business’ cybersecurity, helping employees achieve a greater work life balance while ensuring they have all the tools they need to get the job done from wherever they work.
With cyberattacks on the rise, it’s more important than ever for businesses to ensure that their valuable data is protected. Security shouldn’t just be an afterthought ─ it must be considered at every level of the business and for every single employee to ensure complete protection, for now and for the future.
Crystaline provides all the newest business mobiles, as well as MDM solutions from Vodafone and Samsung. For advice on how you can make your business cyber-secure, get in touch with the team today.