When criminals, foreign governments, or supposed activist organizations launch cyber attacks on businesses, it only makes the news when big corporations are the targets, but mid-size companies are the victims of these same type of attacks more often than people think. In fact, small and mid-size companies are more frequently becoming the targets of attacks because hackers view their data as easy to access. Attackers know this because mid-size companies invest far less in cyber security than their larger counterparts, partly because they think they are obscure targets. In order to close this security gap, smaller companies will need to reevaluate their IT security needs and start relying more on service providers like Google and their cloud computing solutions.
As a leader or IT expert in a mid-size company, you may be asking yourself why your company would be a target. After all, few people even know what your company does or where it’s located. You may have never had a commercial, big advertising campaign, or even an international presence. It’s true that, in years past, smaller companies like yours could hide in obscurity from attacks, but times have changed. Criminals now do extensive research to find companies who have important information but who don’t have the resources to secure it. A recent survey conducted by PwC found that, from 2014 to 2015, cyber attacks rose 64% for mid-market companies.
The new cyber world makes hiding impossible, so it’s important to know that you can be a target simply by having information criminals want. A competitor in a foreign country may want schematics for your new proprietary technology. A credit card thief may want personal information about your high-end clientele. Or, a hacker with ambitious goals may exploit your system hoping you get bought by a bigger company. Being aware that your mid-size company is at risk for these attacks is important, but you still need to know where you’re at risk and how to solve the problem.
Like any type of predator, criminal hackers attack their victims at their weakest points. For mid-size companies, these weak points can be abundant, making them most susceptible to cyber attacks. According to information from Google’s security team, 60% of corporate data resides on unprotected PCs and laptops; 10% of laptops will be stolen within 12 months of purchase; and 60% of people who lose thumb drives report having corporate data on them. Passwords can be an even bigger problem with nearly 75% of users reporting they shared their passwords, which are already too weak, with others.
Effective IT security depends on your ability to understand what attackers want and where they can get it. Let’s say your mid-size chemical company has a revolutionary formula for a food preservative. You know that your engineers have the formula on their PCs, but you also know that they’ve sent that information to other people in the company through email. From there, where the data has gone can get complicated. What if that formula ends up on one of those 10% of laptops that get stolen, or on a thumb drive that gets lost all the time. It’s for these reasons that cloud computing is becoming more and more attractive.
Business managers have a tendency to look at the costs of doing something rather than the potential negatives of not doing it. Security of data is no different. Unfortunately for them, the costs of not securing your information can be very high. Even mid-size companies can expect major operational, financial, and public damages. The top 6 sources of pain for mid-size companies according to research from PwC include:
As attacks increase year after year, companies will have to consider improvements in IT security as an important part of running a successful business. The vast majority of consumers and businesses now say they will avoid working with a company that doesn’t invest in data protection. Fortunately, moving to cloud-based apps and data can be an affordable solution for companies looking to patch up their vulnerabilities.
If your company is moving over to a cloud-based solution for some of its business apps and data storage, you still need to be concerned about security. For better or worse, however, much of that IT security will be in the hands of the cloud vendor you choose. There are no industry standards for cloud security, so comparing between the wide range of technologies offered can be difficult. Then comes the biggest problem: the cloud companies that won’t let you audit them. A company could claim to have the best security in the world, but can you really trust your company’s sensitive data on their servers if you can’t verify that claim? Fortunately, solutions like G Suite are making mid-market companies more comfortable adopting cloud technologies.
G Suite, the set of intelligent apps that Google now offers for mid-size companies, uses an advanced security model that’s designed to tackle the issues mentioned in the previous section. It allows for vendor checklists and audits and adheres to SSAE 16, SAE 3402, ISO 27001 as well as FISMA. The security model is based on three core principles: people, procedures, and technology. Google has a 24/7 IT security team and employees some of the leading experts from Fortune 500 companies and universities. Centralized data prevents leakage from lost devices and automatic patching keeps all software up to date. Purpose-built technology prevents third-party security issues and allows for vast automated attack detection.
Let’s go back to that revolutions formula your chemical company has and how it would exist on Google’s storage platform. Each file is broken up into multiple parts and stored at multiple data centers located around the world, and filenames are randomly generated and obfuscated to make them unreadable to humans. As for the data facilities themselves, there is 24/7 guard protection, electronic key access, access logs, alarms, closed-circuit televisions, and wide range of other advanced features.
There’s a whole lot more to the IT security offered by G Suite and the entire Google Cloud platform, and you can dive into the deep waters of their security model by going to the Lunch & Learn at the Arizona State University campus on November 16. The event, which includes a complimentary lunch and entry into a raffle for a Google Chromebook and other prizes, takes place on Wednesday, November 16th, from 11:30am -1:30pm, at Old Main at Arizona State University, 400 East Tyler Mall, Tempe, Ariz. 85287.
Come and see why the Arizona State University has been a top ranked University in Innovation two years running with a 5 million business trust with Google Security. Google security experts will be on hand to take your questions and give you valuable information about cyber security. RSVP for the event today!