Tuesday, April 26, 2016

Growing CyberSecurity Threats and SMEs



Cybersecurity surveys targeted at SMEs show that 63% of SMEs are concerned about malware and 38% are worried about potential phishing scams, yet 31% aren’t doing anything to guard against such threats. I seriously doubt that only 63% of SMEs are concerned, when 100% of them should be worried; but statistics being statistics, it is alarming to see that 31% of these SMEs are not doing much to protect themselves. There are some surprisingly simple steps that SMEs can take to protect themselves.
Strong Robust Passwords: Never use default vendor passwords. Use different passwords for different services. E.g., your email password should not be the same as your recruitment portal password, which should not be the same as your payroll password or that of any banking site.
Two Factor Authentication: Use 2-factor authentication (2FA) for all business accounts, where possible. Gone are the days when 2FA was expensive. Economical options have flooded the market. Work with your MSSP to find the right fit for your business.
Don’t Transmit Data in Cleartext: Mandate encryption on all critical information. Think about data at rest, data in motion, and don’t forget data in processing.
Engage Employees: Make security part of everyone's job. Every employee, including your accountants, front desk staff, developers and administrators, should understand that security is their responsibility. Failure could very well result in losing their job, as the business may have to shut down.
Don’t Mix Business and Pleasure: Use a dedicated device for online business banking and business financial activities. Have a separate device for personal email and social media.
Continually Assess Risk and Update Procedures: On a regular basis, audit assets and valuable data warehouses to spot where your organization is most vulnerable. Cultivate a habit of regularly questioning the security posture of your business, vendors, suppliers and partners. And then, update, update, update. Use an MSSP to manage these processes for you, while you understand and oversee the overall program.
Secure Browsers: Keep up with the most recent version of your preferred browser. Then, check its configuration for weaknesses. Again, you don’t have to be alone on this. Consult and use the services of an MSSP.
Implement Time-outs: Implement “time out” functions (requiring re-login after a period of inactivity) for all business computers. Require robust passwords that have to be modified periodically.
Secure Wireless Web Routers: Think about configuring your WiFi securely. Use the latest WPA2 technology, which currently is extremely hard to crack. Hiding the name of your SSID is not a security measure, so don’t bother. Your MSSP can help you secure your WiFi and monitor its usage for malicious activity.
Back Up Information: If the recent ransomware attacks have a silver lining, it is the emphasis they have placed on backups.

This list is prescriptive at best; it is not comprehensive and is definitely not a replacement for a professional security expert consultation. A strong MSSP partner goes a long way in mitigating cybersecurity risks for SMEs.

