Just because mid-market businesses are smaller doesn’t mean they should act small when it comes to cybersecurity. The percentage of mid-market businesses that have experienced a cyber-attack is up from 55% in 2016 to 61% in 2017, meaning these companies are being targeted as frequently as large enterprises. Therefore, they need the same level of cybersecurity.
At first glance, it may not seem to be a fair fight. But the market is shifting, and some of the same tools available to enterprises are now becoming available to smaller businesses. If you’re an executive at one of these companies, consider the following security hurdles and best practices to ensure you’re doing everything possible to keep your data—and that of your customers—safe and secure.
Obstacles to Stronger Security
The first obstacle to a more robust cybersecurity strategy is the belief that your company is too small to be of interest to attackers. If only attackers shared that belief! They know that mid-market companies often don’t have the same financial and personnel resources for security that enterprises do, which makes your company a potentially smaller, but usually easier win for them.
Another obstacle lies within the trendy security saying, “People are the weakest link.” Sure, it’s good to train your employees on security best practices, but it’s even better to put a security system in place so that when an employee eventually slips up—because they will—your data is still going to be protected.
A third obstacle is the reality that in smaller organizations, it’s likely that resources are thin and that employees wear many hats. We routinely talk to people who have to be both the CISO, responsible for mission critical data security, and also the IT Operations lead, responsible for almost anything IT under the sun! Cybersecurity often gets presented in confusing or convoluted ways that are meant for larger organizations, which means legitimately useful products and services do not always get adopted, and cybersecurity falls short.
Best Practices for Upgrading Your Security
For companies with lean IT resources and personnel, these four best practices will increase data security and help decision-makers focus on solutions that provide the strongest protection.
- End your dependence on passwords.
Passwords manage to be the worst of both worlds. Not only are they annoying for employees to use, remember, and change, but they are also insecure. In 2017, weak or re-used passwords were responsible for more than 4 in 5 breaches.
- Eliminate passwords in ways that aren’t going to drive your employees crazy.
Employees need solutions that enable them to do their work securely without constant frustration. We frequently hear complaints of having to rely on one-time PINs sent over text, carrying an authentication device dedicated to just one service, or needing to use a personal cell phone.
People today have gotten used to easy, seamless online interactions. We don’t fault people for this; we’re all increasingly busy. However, convenience must be balanced with security. The FIDO (Fast IDentity Online) Alliance and the FIDO protocols are changing the nature of authentication by using standards to replace passwords. Replacing passwords means more security, and using standards means that the same protocol can be used across many websites and applications. Currently, FIDO can be implemented in ways that make sense to a business – physical USB authenticators, Bluetooth, NFC, and more. And stay tuned to FIDO to see it emerging in devices we carry with us every day.
If passwords are a pain point, you need to learn about the rising tide of FIDO.
- Outsource for security expertise.
Smaller IT departments benefit from finding a trusted advisor or partner who knows the security space deeply. There is a lot of conflicting information in the market, and the security landscape shifts quickly with new vulnerabilities and new threats. It is difficult to impossible to wade through this morass alone—in addition to all your other daily job duties—much less to make fully informed decisions. Look for a security advisor with a good track record of coming alongside their customers with a partnering mindset.
- Encrypt your data.
If authentication is the first line of defense, then encryption is the last bastion of an organization. Because it scrambles data to make it unusable to hackers, encryption protects like no other security solution can: even if intruders make it past your firewall, they will find only mounds of jumbled nonsense.
The strongest way to protect sensitive data is to encrypt it at the source, in the application that takes the data in for the first time, and to make sure that only authorized applications may decrypt that data, once access has been authorized through FIDO-based strong authentication.
Until recently, encryption technology has been too expensive for mid-sized companies. The market now offers affordable solutions that make enterprise-level encryption available to smaller organizations.
Welcome to the Big League
Bad actors are looking for unsecured data wherever they can find it, and that includes your mid-market company. As a decision maker, it is your responsibility to think about your security with the same degree of care and protection as any large company. And as the security industry, it is our responsibility to ensure you have access to the right tools to enable you to do that, simply and securely. Authentication and encryption are no longer too complicated or financially out of reach. Implementing them and following these best practices will put your organization ahead of the industry and encourage attackers to look elsewhere for an easy score.
ALSO SEEN IN: Aberdeen