Inadequate bring-your-own-device (BYOD) policies are leaving small to medium-sized businesses open to attack by cyber criminals, according to security firm AVG.
AVG's SMB general manager Mike Foreman said despite progress in educating SMBs about basic network security, they are still woefully under-informed about the threats they face when using consumer devices, such as smartphones and tablets, for work purposes.
"Small businesses have probably just got their head around security within the network, but we've just rapidly changed their world, introducing mobile and tablets for SMB usage. SMBs are going to have to get their heads around that," he said
The AVG manager said the issue is doubly troubling as if they are successfully hacked, the cost of a data breach will cripple most SMBs. "The real big area for a small business is data privacy. This impacts all of us but for a small business to have data breaches, well it could be the end of their business. It is happening, we've seen it," he said.
AVG chief technology officer (CTO) Yuval Ben-Itzhak mirrored Foreman's sentiment, adding that attacks on mobile devices are troubling as they are another vector criminals can use to steal financial data.
"The main thing criminals are trying to do is get banking Trojans into the system so they can get login details for online banking. You don't see with SMBs any kind of espionage, they're too small it's all financially based. It's usually the stuff you can buy and customise, things like Zeus and SpyEye, all those families of malware," said Ben-Itzhak.
Ben-Itzhak highlighted the use by SMBs of free cloud services, such as Gmail and Dropbox, as another new trend requiring action. "We're seeing a trend with new businesses where their people are used to having everything in the cloud, they use things like Gmail and Dropbox for running the business," he said.
"From a security standpoint when people use these I think backup is important. This is because mess-ups happen, it happened with Gmail. Gmail had an 'event' where some people's messages were deleted and couldn't be recovered. So while these tools are very good for running a business as they save a lot on operation costs and remove a lot of complexity, they're not completely free. There is risk involved running them."
The AVG's warnings follow widespread rumblings within the security community for businesses to decrease their reliance on consumer-focused services such as Dropbox. Silent Circle's Mike Janke told V3 that businesses hoping to protect their customers' privacy cannot rely on services such as Google's Gmail.
Despite the negativity, Foreman said securing small business presents a golden opportunity for expansion. "From a small business point of view there are always going to be some bad guys coming after them, but I think those that show they can deal with them, that they can protect their customers, are going to have a real competitive advantage," he said
AVG is one of many firms to warn about the increased threat facing SMBs. Sophos director of technology James Lyne told V3 SMB websites have overtaken porn and gambling sites as cyber criminals' malware distribution tools of choice.