Back to Basics: Revisiting IT Fundamentals for Secure Operations

by Lindsay Brown, Vice President and General Manager, Asia Pacific and Japan at GoTo

It’s fair to say many businesses, especially so as small business owners or business leaders in small and medium-sized enterprises (SME), are navigating a very complex and hyper-connected digital landscape. One with a growing array of security threats; ranging from unauthorised access, data breaches, and phishing, to different types of malware and ransomware. With limited resources and financial constraints, this places them at the forefront of vulnerability.

In this bustling market filled with sophisticated solutions and intricate technology, the question arises: what steps should one take?

It’s easy to be enticed by the latest trends in cybersecurity, but sometimes the best approach is a return to the basics. For SMEs, the priority should be establishing a robust IT system.

In GoTo’s 2023 IT Priorities report, where we commissioned market research firm Frost & Sullivan to conduct a survey on the perspectives of more than 1,000 IT decision-makers from companies with less than 1,000 employees across markets and industries, the findings show IT significantly influences SMEs’ decisions regarding digital tools. This includes communication and collaboration (39%), IT support and management (47%), and customer engagement tools (37%).

By 2027, such digital infrastructure is projected to generate 43% of business revenue in the Asia-Pacific (APAC) region. As technology continues to advance, IT will undoubtedly play an integral role in ensuring the safety and resilience of these digital spaces.

The Shifting Sands of Cybersecurity Challenges
Over the past decade, the threat landscape has undergone significant evolution, with ransomware attacks, data breaches, phishing schemes, and other cyber threats becoming not only more frequent but also increasingly sophisticated. Among organisations in the APAC, there is a rising concern about the business implications of such attacks, with data loss (70%), business interruption (58%) and reputational damage (50%) being the top three concerns.

In 2021, Malaysian businesses had to bear an average cost of 1.22 million USD to tackle ransomware attacks, as per an independent, vendor-agnostic  State of Ransomware 2022 report.

Unfortunately, many SMEs are still underestimating the importance of cybersecurity – less than half (46%) of SMEs in Malaysia prioritise digital security.

For small businesses, the consequences of a breach can be especially catastrophic resulting in loss of customer trust. With data breaches reaching an all-time high, searches for the keyword “privasi” (privacy) saw an increase of over 40%, mirroring Malaysian consumers’ heightened sense of concern and anxiety about their digital safety. Moreover, recovery from such an incident is often costly and time-consuming.

To mitigate these risks, SMEs must stay ahead of the curve and pay attention to the IT health of their organisation.

The Vital Link: IT Health and Security
The connection between IT health and security in SMEs is undeniable. Neglecting the maintenance of your organisation’s IT systems is like leaving the front door wide open for cybercriminals.

While we traditionally view IT as a support function that comes to our aid when devices misbehave or we encounter access issues with our email and company drive, the reality today is different. IT now wields significant influence over securing core business operations.

Investing in the appropriate IT support tools not only aids in basic device maintenance but also improves a business’s ability to monitor endpoints effectively, thereby protecting them against potential weaknesses in their security infrastructure.

Here are a few ways in which IT helps support SMEs with their cybersecurity needs that are worth spotlighting:

• Patch management: Automate the process of applying security patches and updates to software, operating systems, and applications. Thereby, closing off any vulnerabilities within outdated software and operating systems that can be exploited by attackers.

• Data encryption: Help organisations securely manage encryption keys, ensuring data remains protected and accessible only to authorised users.

• Endpoint security: Protect individual devices (e.g., computers, smartphones, and tablets) from malware, ransomware, and other threats.

• Security awareness training: Support security awareness training programs, such as providing simulated phishing exercises and training modules to educate employees on recognising and avoiding security threats.

• Mobile Device Management (MDM): Enable organisations to manage and secure company-owned and BYOD devices on any platform used by employees. This includes enforcing security policies and remotely wiping data from lost or stolen devices.

• Disaster recovery: Automate data backup and facilitate rapid recovery in case of a major data loss or a cybersecurity incident, to ensure your business runs uninterrupted.

SMEs should therefore view IT as the foundation of their security strategy. It’s not an extra expense but an essential investment in safeguarding one’s business operations.

Conclusion
Amidst the numerous reports of global businesses falling victim to cyberattacks, it’s natural to feel overwhelmed and uncertain about the next steps required to protect one’s own enterprise.

But cybersecurity need not always be shrouded in complexity. Often, it’s about mastering the fundamentals. By recognising the symbiotic relationship between IT health and security, SMEs can bolster their defences against the ever-expanding spectrum of cyber threats. In doing so, SMEs not only protect their data and operations but also their reputation, customer trust, and the longevity of their business.