The proliferation of personal devices and development of technologies to connect those devices have led to a society that is always online. These advances have contributed to the ability of small- and medium-sized businesses (SMBs) to work more efficiently, grow, and thrive. However, innovation rarely comes without challenges, and one of the biggest for SMBs can be learning how to protect company data across devices and connections as the number of each continues to rise.
Does Your SMB Know How to Protect Company Data across Devices and Connections?
Smartphones, tablets, laptops, the Internet of things (IoT): consumer and business use of connected devices continues to explode worldwide. Meanwhile, the technologies we use to connect these devices to the Internet and one another—Wi-Fi, cellular, Bluetooth, and wired connections—continue to advance to meet demand and keep pace with the competition.
Businesses are taking advantage of employees’ personal ownership of tech by implementing bring your own device (BYOD) policies that open doors for remote work and increased productivity. But all of these connections also open doors that businesses must work to keep closed: points of entry for malicious cyber activity.
How Hackers Can Access Personal and Business Networks through Connected Devices
The smart machines that surround us make life more convenient—at least, that’s the goal. But that convenience often comes at the high cost of substandard security. Easy setup and use of smart devices means they often come equipped with preset passwords; meanwhile, Universal Plug and Play (UPnP) can connect devices in networks by default without requiring authorization.
Once a hacker finds a poorly-secured point of entry, it’s relatively easy for that person to access the network the device is using as well as any of the additional devices connected to that network and the files stored or processed on those devices. From there, a cyber criminal can steal information and implant viruses, spyware, malware, or ransomware with relative ease.
The Challenge: Protect Company Data across Devices
When company information goes where employees go, compromised Internet connections are an additional problem SMBs must work to combat. Employees syncing company data to mobile devices can present a significant risk if the connection and/or the data are not properly protected. Once information is available on a remote device, hackers can capitalize on poorly secured connections—like the local coffee shop’s Wi-Fi—to access private business data. And the issue of company data continuing to exist on a former employee’s device after the termination of employment is one of the biggest risks of file syncing.
Bluetooth systems provide yet another potential point of entry for cyber criminals. When a device’s Bluetooth is turned on, other devices can find and pair with it, and connecting and syncing via Bluetooth to a vehicle (especially a rental car or rideshare) can leave behind personal and business data that needs to be protected.
What Devices Pose a Risk to SMB Data Security?
Any device that connects to the Internet or to other connected equipment can pose a security risk for SMB data, and employees syncing company data to personal devices adds another layer of equipment that SMBs must work to protect. Some of the most common IT security threats originate from devices that are designed to maximize ease of use, often at the expense of security. Some examples include the following:
- Smart TVs;
- Smart home equipment and security systems;
- Smart speakers and voice assistants;
- Wearables, including watches and fitness trackers;
- Connected appliances;
- IoT equipment and machines; and
- Vehicle Bluetooth and infotainment systems, especially in rental or rideshare cars.
SMBs Must Take Action to Protect Company Data across Devices and Connections
The risks of file syncing by employees, BYOD, public Internet connections, Bluetooth, and other common IT security threats can be mitigated with appropriate planning, procedures, and training. Businesses and employees must take responsibility for the security of their devices and equipment.
What Can Businesses Do to Protect Company Data across Devices?
SMB data protection needs to begin with quality IT infrastructure and planning. If employees use personal devices for business purposes, you need to have clear and transparent BYOD and mobile device management (MDM) policies that govern that use and ensure the company’s rights to manage business data stored or processed on those devices.
These policies can put protections in place that separate company and personal information on employee devices and allow remote access and removal of company data if needed. Once policies are in place, a company must find the right tools and software for effective MDM. Microsoft, for example, offers a suite of products designed to streamline MDM and minimize some of the common IT security threats.
Additional steps companies can take to protect company data across devices include the following:
- Place restrictions on employees syncing company data to personal devices when possible;
- Provide antivirus software and encryption for company-owned and BYOD equipment;
- Implement a clear information ownership policy;
- Require immediate reporting of lost or stolen devices;
- Consider cyber liability insurance; and
- Regularly provide training and security tips for employees, offering guidance on best practices for strong passwords, time-out locking, file back-up, connecting to public Wi-Fi, the dangers of Bluetooth, the risks of file syncing, and other common IT security threats.
IT Security Tips for Employees of SMBs
Whatever security measures an employer has in place, employees should also take their responsibility to protect company data very seriously. This means being conscientious about the connections and devices that could potentially expose private business data and taking reasonable steps to protect that data whenever possible. Measures employees can take to ensure company data is safe on their devices and in their homes include the following:
- Proactively manage security on your personal networks and devices;
- Use password best practices and multifactor authentication when available for all devices and accounts;
- Ensure that IoT and other connected devices are obtained from reliable manufacturers and providers;
- Use encryption and disable UPnP on home routers;
- Promptly install all updates on devices and software;
- Turn off Bluetooth on devices when it is not needed and avoid pairing with equipment over which you do not retain control (rental cars, for example);
- Limit the use of public Wi-Fi and proactively manage security settings for protection when public connections are necessary; and
- Know the risks of file syncing and avoid syncing company data when it is not necessary.
The task of combatting the risks of file syncing, public connections, and dispersed company data can feel overwhelming. However, with a collaborative effort between employees and businesses, it is possible to protect company data across devices and connections.