2020 has abruptly thrust most of us into the mobile workplace — a reality that pushed digital transformation from a buzzword into a lifeline. An integral part of that mobile workplace is the BYOD, or Bring Your Own Device concept. While essential for small businesses, BYOD also poses a threat to remote work cybersecurity if left “as is”.
The fact that employees now use personal mobile devices for everything from personal entertainment (e.g. free movie nights) to daily business tasks involving sensitive data means your team doesn’t have to go far and wide to catch cyber viruses. And let’s say right away that cyber viruses are as dangerous to your small business as coronavirus is to your health.
Just like their human counterparts, cyber viruses are extremely contagious, have a thing for “big” gatherings of people (think torrents and freeware), and can go unnoticed for several days. Worst of all, it is precisely remote workers who bring the most risk to their companies, a new Kaspersky survey finds.
What cybersecurity gaps should remote workers and small business owners pay specific attention to? Here are seven important stats you can’t miss.
2/3 of remote workers don’t receive instructions on cybersecurity from their company
A lack of team culture on how to protect personal devices are the top reasons data breaches occur in small business environments, according to the Kaspersky survey. The problem is two-fold: a lack of consistent security information for team members (even if that’s a team of two) and an equally dangerous belief in small business “invincibility” that many smaller companies share.
Most small business managers and owners think security as only necessary for the “big guys” — so if you aren’t anywhere close to Google dimensions, you’re all safe. This is a very frequent misconception since small business is vulnerable on two fronts: website hacking and data leaks due to unsafe BYOD practices.
DDOS or “distributed denial of service” remains a very popular website hacking tactic. This means that your network is bombarded with spam traffic so real users can’t gain access to it. At this point, hackers will force you to pay them in order to restore service. According to Embroker, here’s how educating your employees and creating a proper response plan will help protect your business against common types of cybercrime.
68% of remote workers use personal devices for work
Kaspersky’s survey revealed over two-thirds of respondents using personal devices for work — which in 2020 conditions is nowhere near surprising. What is problematic is the content these personal devices are subjected to outside of working hours.
Add to that the Pew Research Center data demonstrating that 53% of 1000 surveyed internet users aren’t certain about things as basic as http vs https protocol (in case you aren’t sure, the extra ‘s’ in the web address shows that the website encrypts your data and is basically, a yardstick of website safety), and you’ve got the perfect recipe for a hacker attack on your newly-remote workers.
33% of remote workers use personal devices to access content known for frequent malware attacks
If you’ve ever downloaded freeware — or watched a movie online for free with fingers kinda crossed, this one’s for you. But if the next morning you sent an email to a colleague with business information that’s by default private, well, you better cross fingers on both hands!
As a business owner or manager of a small team, keep in mind that the same devices your team uses to send each other documents, sensitive client information, and access business software is the very device on which about a third of remote workers also access high-risk content.
The aforementioned Kaspersky study found that one-third of respondents admitted to viewing adult content from the same personal devices they use to access business data. And the problem with such content is it draws hackers like honey. It’s the perfect place to distribute malware.
Other frequently hacked content remote workers view from personal devices includes:
- Freeware
- Torrents
- Games
- Pirate content like free streaming movies, music, etc.
You’ll find that asking team members upfront whether they’ve accessed any of these websites in the last 2 months may not go very honestly or transparently. But sending your remote team a regular memo with the reminder of not accessing such websites on devices they use for business is a no-brainer.
Wi-Fi attacks on your data can take less than 2 seconds
Remote workers may think Wifi is among the greatest inventions of humankind, but in reality, it’s also the biggest threat to small business security. Connected to in a random way (think cafes, hotels, and other public spaces) Wi-Fi is as bad a security threat as it gets — and all it takes for malware to get under your device’s “skin” is 2 seconds, according to Extreme Network.
The problem with remote workers, especially those just gone remote is they don’t really understand the danger behind Wi-Fi networks, even password-protected ones. And even if they do know it, they may just forget to protect their devices “occasionally”, while in a hurry.
After all, 75% of people say 1 week without Wi-Fi would leave them grumpier than 1 week without coffee. How much of that Wi-Fi connectivity is done with all safety practices observed? It may be time to ask your colleagues.
Only 13% of internet users understand VPN
VPN is the must-have when connecting to public Wi-Fi, but it’s a great tool way beyond that. VPN safeguards your data on password-protected Wi-Fi since the latter is not a guarantee of a secure network in itself. It also protects your mobile data and home broadband.
The problem with VPN, according to the same Pew Research Center survey, is that 70% of survey respondents that encompassed over a thousand American internet users say they aren’t sure about the role of VPN in minimizing Wi-Fi risk. For a business that’s dealing with a lot of sudden remote workers, this lack of knowledge is especially troubling.
For non-IT sectors, I’d suggest hooking up to a specific VPN service and sticking to it since non-tech people are really better at sticking to something that their team uses too. Do the same for antivirus software, including antivirus on mobile devices. Explain to your team the importance of paid antivirus software and even buy it on company budget if necessary.
90 percent of mobile apps are susceptible to cyber-security threats
Cybersecurity experts show that it’s extremely easy for hackers to get into a remote worker’s personal device through mobile app downloads. With dozens of apps being downloaded to mobile phones, iPads, and tablets, mobile devices users often go for free vs. verified.
For example, a solopreneur in search of a second phone number may go out to find a free mobile phone app that promises to take care of the problem instantly. Or you may be in search of VPN to safeguard your Wi-fi connection. The list goes on and on. There are lots of free apps for many needs, so why overpay, when you can google your way to freeware?
So malware doesn’t find your way into your devices, remind your remote workers to download only verified apps and avoid any apps that ask you to download through PC first. There are lots of legit apps out there that are both cybersecurity verified and low-cost.
For example, anyone looking for a low-cost second phone number can check out this mega-comparison of VoIP providers which shows only cybersecurity safe and verified providers. Likewise, for free VPN, you can use something like Kaspersky VPN that has a legitimate free daily traffic quota.
30,000 small business websites are hacked each day
Last but not least, a small business should always remember to protect its website against hacker attacks and remind employees that they should always use antivirus software on all devices (including mobile).
Hackers are targeting SMB websites all the time precisely because it’s most relaxed about cybersecurity! As a result, 1/3 of data breaches target small business and 30,000 SMB websites are hacked per day. If you think that’s not you because you’re a legit site, think again. Those are precisely legitimate small business websites that unbeknownst to their owners have malicious content attached to them.
Some of the most accessible anti-hacker protection measures for websites include security plugins, SSL encryption, and Google Analytics and Search Console’s “Security Issues” tab. More advanced features, such as safeguarding against XSS attacks and SQL injection demand some tech help.
Summary
- Understand the importance of cybersecurity for small business and make it known to your team
- Regularly send instructions on cybersecurity via email
- Inform your team on the types of websites to avoid when using personal devices for business
- Instruct team members on using VPN and antivirus products
- Download only verified mobile apps and avoid freeware
- Download only reliable business-reviewed cloud tools
Finally, don’t be afraid to sound nagging and even boring with company policy reminders and rules! It’s better to remind an employee how to encrypt data five times in a row than once suffer a cybersecurity attack that will cost your business thousands of dollars in legal fees.
We’d love you to know that for all small business owners, MightyCall created a phone system that prioritizes cybersecurity and privacy. Our special 50% off offer makes it even easier to join. Check it out below!