Cloud has a silver lining for SMEs seek­ing se­cu­rity so­lu­tions

Small or­gan­i­sa­tions have af­ford­able op­tions when it comes to cy­ber­se­cu­rity


While large or­gan­i­sa­tions have the bud­gets and the ded­i­cated IT and se­cu­rity de­part­ments to deal with cy­ber­crime, SMEs face much the same threats but with scant re­sources to de­ploy. There are, how­ever, strate­gies which smaller or­gan­i­sa­tions can de­ploy to take on the big bat­tal­ions of cy­ber­crim­i­nals.

“There are so­lu­tions for SMEs,” says Karl McDer­mott, head of 3Con­nected So­lu­tions. “This in­clude some very ba­sic things like staff train­ing. Com­pa­nies should make their peo­ple aware of the threats and risks. This will as­sist with per­sonal dis­ci­pline when it comes to in­ter­net us­age. They can also use things like two-step au­then­ti­ca­tion and vir­tual pri­vate net­works (VPNs) when work­ing re­motely.”

Poor per­sonal dis­ci­pline is of­ten a se­ri­ous vul­ner­a­bil­ity for SMEs, ac­cord­ing to McDer­mott, and this is high­lighted by ex­per­i­ments which Three car­ries out from time to time where the com­pany leaves USB keys ly­ing around in dif­fer­ent lo­ca­tions in towns and cities.

“A huge amount of them get plugged into de­vices within hours. A USB key with mal­ware on it can leave an or­gan­i­sa­tion fa­tally ex­posed.”

Other ba­sic steps in­clude en­sur­ing anti-virus soft­ware and fire­walls are up to date. “Re­silience is a huge thing as well,” he con­tin­ues. “You should make sure to have an off­line backup of data that can’t be at­tacked. None of th­ese things cost a lot. They can also avail of ad­vice and as­sis­tance from their in­ter­net and phone ser­vice providers.”

KPMG’s head of cy­ber, Mike Daughton, says while there is no one-size-fits-all so­lu­tion for SMEs, the start­ing point is gen­er­ally the same. “SMEs need to iden­tify their crit­i­cal data as­sets. What are their most im­por­tant data as­sets that they need to pro­tect? Where are they lo­cated and stored? This in­cludes per­sonal data for cus­tomers. Once a com­pany has got a good han­dle on those as­sets and what they don’t want to lose and need to pro­tect, that’s a good start­ing point.”

Risk list

Daughton’s col­league Will O’Brien says that SMEs need to put cy­ber­se­cu­rity at the top of their risk list and de­cide how much they want to in­vest in it. “The quick­est win is peo­ple and train­ing,” he says.

“There are also lots of sup­ports for SMEs out there. For ex­am­ple, in Cork there is IT@Cork which helps SMEs in ar­eas like this. SMEs should lever­age the as­sis­tance avail­able from or­gan­i­sa­tions like th­ese. The should get out there net­work­ing with other com­pa­nies. Help is out there and it’s about tap­ping into it.”

John Bol­ger, se­nior man­ager IT au­dit and cy­ber se­cu­rity with

SMEs face much the same threats as larger or­gan­i­sa­tions, but have smaller re­sources

BDO, also ad­vises SMEs to look out­wards. “SMEs will need to as­sess their cur­rent IT en­vi­ron­ment ex­po­sure in light of cur­rent of­fer­ings from ser­vice providers,” he says.

“Many busi­nesses are man­ag­ing their own in­fra­struc­ture and hard­ware based on a technology strat­egy from five to 10 years ago. Even smaller so­lu­tion providers of­fer a wide range of host­ing, backup ser­vices and net­work man­age­ment, of­ten in col­lab­o­ra­tion with ma­jor cloud providers. Costs have be­come more com­pet­i­tive, and th­ese op­tions should be ex­plored by SMEs tak­ing a long-term view re­gard­ing man­age­ment, ser­vice, and se­cu­rity. In sim­ple terms, trans­fer IT ser­vice roles to providers who are spe­cial­ists.”

This doesn’t mean the firm can turn its back on the prob­lem, how­ever. “Trans­fer­ring the ser­vice does not mean trans­fer­ring the risk,” Bol­ger adds. “There will al­ways be a need for in-house man­age­ment of the IT ser­vice provider, along with ed­u­ca­tion of em­ploy­ees un­der­pinned by for­mal in­ter­nal poli­cies and pro­ce­dures.”

Montgomery be­lieves the cloud can also of­fer so­lu­tions. “There is a big de­bate around the cloud. Is it more se­cure than server in the of­fice that has an op­er­at­ing sys­tem that mightn’t have been patched or up­dated for some time? There is an ar­gu­ment to say that ded­i­cated cloud is more se­cure than in-house stor­age.”

He warns that this does not mean cheap cloud and ad­vises SMEs to go for branded of­fer­ings with se­cu­rity mea­sures that can be trusted.

Will O’Brien of KPMG agrees. “A lot of SMEs are mov­ing into the cloud. They should make sure they can rely on the IT and cy­ber con­trols that the third-party providers have in place. They should ask where their data is be­ing held and how it is be­ing pro­tected and make sure they are com­fort­able with the se­cu­rity ar­range­ments.”

Newspapers in English

Newspapers from Ireland

© PressReader. All rights reserved.