2015 has seen a large number of highly publicised security breaches and data hacks in the UK. The increasing severity and regularity of these attacks and the damages caused will mean that security is a top priority, not only for IT Directors but also for business owners and Managing Directors.
The way we work is evolving and the way we approach security must also evolve to fit this new style. As new technology trends are being embraced for their benefits, they also bring their own security threats and challenges – such as increased mobility, BYOD and cloud services. As a result, today’s security need to be agile to stay ahead of changing threats but it also needs to be simple to maintain, cost effective and not strain limited resources, especially for SMBs.
In a study, results showed that 50% of SMBs believe that they are immune to targeted cyber-attacks because criminals are more focused on large organisations. This preconception is unfortunately wrong. In 2015 a national UK study showed 90% of enterprises experienced a security breach (up from 81% in 2014) and 74% of SMBs had a security breach (up from 60% in 2014). As SMBs are likely to have weaker security in place this can make smaller businesses more of a target, as well as causing more damage and being harder to recover from.
SMBs still require tight security, especially in order to grow sustainably, however they are faced with fewer resources and smaller security budgets. Luckily, with improving security technology, SMBs now have access to enterprise-level security systems without requiring enterprise-level pricing and a team of security specialists.
We wanted to show some of the security measurements that we recommend to SMBs that are SMB friendly and provide a highly effective security solution:
IPS: Intrusion Prevention Services
IPS sits behind or forms part of the firewall and monitors network traffic following policies and rules to check for any potentially malicious traffic and alerting administrators.
Advanced Threat Analytics (ATA)
This is brand new threat detection software from Microsoft that uses machine learning to monitor and alert administrators over any unusual activity. ATA works by analysing your network and profiling behaviour of users and devices to produce an organisation security chart which is used as a benchmark. Once complete ATA will constantly run on your network and if anything appears unusual, administrators will be alerted and given a full report to act quickly. As it uses machine learning, it will continually improve and evolve to stay relevant to your organisations network behaviour, making maintenance far simpler while the security is more intelligent. You can find out more detail about Advanced Threat Analytics here.
Device Guard (Windows 10 Enterprise)
Device Guard is a form of whitelisting software, which we believe is more effective than blacklisting or anti-virus software. (You can read more on this here: Anti-Virus vs Whitelisting) Whitelisting only allows approved apps to run while anti-virus has a list of ‘unsafe’ files, so new malicious code won’t be on anti-virus lists. Device Guard is described as ‘the most advanced malware protection ever offered on the Windows platform’ and is available with Windows 10 Enterprise.
This gives an extra level of defence by adding an additional level of security to your username and password. This can be in many different forms such as biometric scanning or a one-time password. While this isn’t very widespread across SMBs at the moment, it could increase of the years as security concerns grow. If it is the extra level of security that you are after now though, it’s great to know that its included with Enterprise Mobility Suite (EMS) along with Advanced Threat Analytics, Azure Active Directory Premium and mobile security solutions, which we haven’t included as mobile security is a whole topic in itself!
There is no ‘one size fits all’ in IT, so your security must be tailored to fit your business and to match its own unique requirements, processes and goals. Above is just a recommendation we feel provides a strong level of security but would have to be tailored to suit each business.
If you have concerns over security or would like to review your security strategy, please contact us.