Every SME should protect itself against cyber crime. With it being National Cyber Security Month, we’ve put together a quick rundown of the areas every SME should be addressing to prevent a breach.
The biggest threat currently is ransomware attackers. This type of cyber criminal effectively holds your data hostage until they get their ransom payment. They will often research organisations first, hacking into accounts data to see how much they can afford, or they may just be interested in taking your data.
There are various ways these hackers can infiltrate your systems, so here are the top areas every business should tighten up…
We talk about this a lot and we’ll say it again! The first line of defence is your employees. By far the most common way a breach occurs is by someone clicking on a spurious link or document. Phishing attacks are getting ever more sophisticated too.
Providing training on what to look out for and conducting regular simulation tests is essential. Simulation tests involve sending out a spoof phishing email to all employees to replicate what might happen in the event of the real thing. This is not to apportion blame, but just to see where the gaps in education lie.
Turn on Two Factor Authentication
Tightening up passwords is one thing, but the most secure way to lock down access is by using a generated passcode, hardware token or push authentication. It can be met with frustration from your teams, but it’s essential in battening down the security hatches.
Try not to use methods that are easy to intercept, such as text codes; it’s best to use a high-security option.
For on-premise servers, make sure you have multi-factor authentication set up, especially if they might be a big target for hackers. Anything used for VPNs and remote desktops could be very vulnerable.
Email and web security
It’s always best to buy these as a specific service. The security that comes as standard with workspaces like Google and Microsoft can be woolly. Whilst they are secure, if you want ‘belt and braces’ you need an all-encompassing option.
Here you’ll get many security features included, such as malicious email and website filtering, detection of hijacked accounts and compromised sites, blacklisting, data and message encryption and much more.
Backup and defence testing
It’s important to have a robust business continuity plan so you know what steps to take should the worst happen. It’s one thing creating the plan and subsequent disaster recovery procedures, but it’s another to make sure you regularly test it.
Take a look at our blog post on backing up the backup. It sounds crazy, but it’s very important. You need to be able to retrieve your data fast to keep your business running and avoid potentially catastrophic consequences.
Penetration testing is a service that can be carried out safely and securely by a third party like us, to identify where your weaknesses are. It’s important to remember that these may also change as time goes on, so we recommend looking at this every six months to stay up to date.
Firewalls are also essential as a first line of defence for your systems.
This can be complicated if you don’t have an experienced IT manager within your business. Scanning multiple sources of information to find out what needs doing, and then implementing it, is complex and extremely time consuming.
If you don’t manage this in-house, you could look at a Managed Security Service Provider that will take care of the lot or, for a cheaper option, use a dedicated scanning service that detects vulnerabilities.
Antivirus and device security
Potentially look at mobile device management (MDM), where all your devices are controlled from one platform. With MDM you can remotely wipe devices, set parameters around apps and websites, and generally lock down anything that isn’t company authorised.
Make sure this is always current and up to date. Make a list of your device estate: who the devices belong to, how they are covered and when updates need to be made. This inventory should be included in your business continuity plan and updated as and when employees leave the business.
It’s worth mentioning here that anything older within your estate should probably be sent to a reputable recycling company or destroyed. Old machines and devices which are no longer covered by patches or current security methods can be a prime gateway to malware.
If you need any help and advice around cyber security and implementation, please don’t hesitate to call our friendly team. We’re always available and well versed in keeping you secure.