How Small Businesses Can Prepare for Cybersecurity Risks This Holiday SeasonJill Quash
There’s no doubt that 2020 has been an unprecedented year all around. From the sudden shift to remote work to increasing cyberattacks in light of the COVID-19 pandemic, SMBs have had a lot to contend with this year. And while many may be breathing a sigh of relief that the end of 2020 is nearly upon us, there is one more obstacle that SMBs must navigate: the online holiday shopping rush.
Much will be different this holiday season, but holiday shopping won’t be. This year, e-commerce holiday sales are expected to grow between 25 to 35 percent, and as many as 68 percent of consumers are expected to purchase their gifts from local businesses. After a chaotic year filled with economic turmoil and shutdowns, SMBs are looking to make the most of this holiday shopping season. What they don’t want—a cybersecurity snafu jeopardizing their customers’ data, their credentials and, crucially, their sales.
So, as many SMBs continue to have their employees work from home, maintaining a secure workforce will be of the upmost importance to avoid a cybersecurity disaster this holiday season.
The Cybersecurity Risks
Over the past year, the most targeted information from SMBs has been credentials (52 percent) and personal data (30 percent). On top of this, the pandemic has now given threat actors new opportunities to launch attacks. Whether it is a phishing attempt or a brute-force attack to crack passwords, SMBs need to be prepared to protect their own resources as well as their customers’ data.
Additionally, SMBs need to be aware of further security threats that could potentially jeopardize their business and holiday sales. As employees log on to company networks from outdated home devices and mix their online work and personal activities, business accounts and data are put at risk. Often, employees are completely unaware that their actions online at home, like interacting with misinformation or clicking a suspicious link, are putting their company or business at risk. Employees may also not know how crucial password security is, and that using a weak or compromised password has led to some of the most devasting data breaches.
To avoid these security disasters from home, SMBs need to refresh their employees’ cybersecurity awareness and implement proper security solutions to make sure they stay cyber safe this holiday season.
Here are some quick tips to help SMBs and their employees navigate the busiest time of the year safely and securely.
- Start with cybersecurity hygiene. Update and check all data backups. Make sure software and firmware updates, as well as anti-malware software are up to date. Keep track of applications used on your corporate network, as many threat actors target unattended apps.
- Single sign-on (SSO) and password management. Authentication through SSO can simplify managing access and provide employees an easy and secure way to login, no matter where they are working. To secure all entry points to your business, including the apps that cannot be authenticated through single sign-on, integrating an enterprise password manager will help users manage all their other passwords in one secure vault, minimizing risks such as shadow IT.
- Leverage multi-factor authentication (MFA). MFA adds an additional layer of security by requiring a further login step. SMBs can leverage MFA for both consumers and employees, ensuring account security even if a password has been compromised.
- Go Passwordless. Passwordless authentication through biometric authentication enables employees to login to devices and applications without the need to type in a password. It helps eradicate the frustrations of using and having to remember passwords, streamline access to work applications to boost employee productivity, all while increasing full security for the business.
- Rely on a managed service provider (MSP). Expanding your team through an MSP will provide the skills and knowledge required to further your security posture and minimize risks.
- Revamp your security training. Lack of security education and awareness among the workforce increases the chance of falling victim to a potential threat. Provide your team with training to help them understand the risks and their role in the security of the organization.
Like 2020 itself, the security landscape this year has turned out to be anything but normal. With the holiday season already well underway, SMBs need to be ready for security threats that could present themselves at any moment.
To keep businesses thriving this holiday season, and remote employees secure, SMBs must look to IAM solutions and security training to ensure they make it through the holiday season safely and securely.
Gerald Beuchelt is the Chief Information Security Officer at LogMeIn, makers of password and identity management solution LastPass. He is responsible for the company’s overall security, compliance, and technical privacy program. With more than 20 years of experience working in information security, he is a member of the Board of Directors and the IT Sector Chief for the Boston Chapter of Infragard. In his prior role, Gerald was the Chief Security Officer for Demandware, a Salesforce Company. He holds a Master of Science degree in theoretical physics.