Startups, very small businesses need to harden mobile defences
By Digital News Asia September 30, 2014
- Overlooking employee-owned mobile devices as security risk
- Some tips on mobile security on a budget
STARTUPS and very small businesses (VSBs) – those with fewer than 25 employees – have the same rate of mobile device adoption as large enterprises. However, most lack the security awareness, technical expertise, and budget needed to properly protect company-issued or employee-owned mobile devices, according to Kaspersky Lab.
A Kaspersky Lab survey asked 3,900 IT professionals worldwide about IT challenges they encountered over the previous 12 months, and 34% of VSBs said they had managed the integration of mobile devices into their business.
What’s noteworthy is this rate is nearly identical to the rate of mobile integration reported by enterprises, which was 35%, the company said in a statement.
This means the smallest companies in the world are adopting mobile technology at essentially the same rate as huge companies with more than 5,000 employees.
In fact, VSBs actually reported a higher rate of mobile adoption than small businesses with 26-99 employees, as well as large businesses with 1,500-5,000 employees. VSBs reported 6% more mobile integration than small businesses (defined as 26-99 employees), and 2% more than large businesses (defined as 1,500-5,000 employees).
These statistics certainly cast doubt on any perceptions that VSBs are confined to antiquated technology or slow to invest in IT, Kaspersky Lab said.
Mobile technology may not be restricted to businesses based on their size, but there are other key factors to consider, the company said.
Expertise and resources are the most obvious limitations of VSBs, which frequently don’t have dedicated IT staff to manage technology implementations. These limitations may lead to a knowledge gap even amongst security-minded business owners.
For example, 31% of VSBs listed ‘Securing Mobile/ Portable Computing Devices’ as one of their top-three IT security priorities for the next 12 months (a rate comparable to the 34% adoption rate from the previous 12 months).
But when asked about BYOD (Bring Your Own Device) policies, where employees use their own mobile devices for business purposes, the survey uncovered a perception-gap based on company size.
When surveying attitudes towards technology trends, 28% of VSBs agreed that BYOD introduces an increased IT security risk to their business. But large businesses and enterprises had a response rate that was nearly twice the VSB response, with 52% and 48% respectively agreeing about the risks presented by BYOD.
Is it possible that VSBs are overlooking employee-owned mobile devices as a security risk? This seems like a particularly troubling possibility, given that VSBs and their limited budgets are most likely to view employee-owned devices as a cost-savings measure and gladly welcome these devices onto their networks, Kaspersky Lab said.
Common threats from employee-owned mobile devices include malware or rogue applications connecting to the company’s network via the employee’s device, or company data disappearing along with a lost or stolen employee device.
Mobile security on a budget
Realising that most VSBs lack the budget and technical sophistication for advanced mobile security solutions, small businesses can still use mobile technology – including employee-owned devices – without a huge investment of time or money.
A mixture of common-sense and the right technology can go a long way to securing mobile devices, and help the owners of a startup get back to running their business.
- Employee education: The first lines of protecting your business data are employees with security mindsets. Make sure new employees know that if their smartphones or tablets contain workplace information, that device shouldn’t be subjected to unnecessarily risky usage habits (e.g. browsing questionable websites), and if the device is lost or stolen, it should be reported immediately to the employer, not days later.
- Basic anti-theft: An inexpensive piece of software that can remotely-wipe the data from missing or stolen devices is essential. Some devices offer similar functions built-in, and there are many third-party applications that can accomplish this task. But make sure an employee understands that if their device is wiped, that typically means any personal information on the device is deleted as well.
- Avoid complexity: A newly-created startup business with five employees can’t spend hours purchasing, deploying, and managing a business-grade security product that wasn’t built for their purposes. Avoid purchasing a larger product than the business needs, and stick to core mobile security features.
Startups slack on security
ID thieves targeting SMBs, 2FA could be the solution
SMBs coming round to IT security: Symantec
For more technology news and the latest updates, follow us on Twitter, LinkedIn or Like us on Facebook.