Five key tips for SMEs to prevent a cyberattack or data breach
With online security currently the hottest topic for many SMEs, the move to remote working as result of Covid-19 has exposed more businesses than ever to the risk of a cyberattack or data breach. The numbers are quite astonishing with the University of Maryland study reporting that hackers strike every 39 seconds, on average 2,244 times a day. How can company owners and managers protect their information in this cloud-based era? Denis Koloshko, our chief technical officer, shares his top tips for future-proofing your organisation…
Reduce your attack surface
It sounds an obvious place to start, but simply hiding your internal systems and admin panels away from public view via the use of a VPN (Virtual Private Network) should be your first line of defense.
Forbes predicted that 83% of enterprise workloads would move to the cloud by 2020, so creating a secure connection to the internet is a vital step to protecting your data. Installing a firewall will add an additional level of security –shielding your devices from malicious files and hackers.
Minimise your internal risk with permissions
Whilst it is great to have an open and transparent culture within modern business, that should not automatically extend to your company’s sensitive data. By following the principle of minimal privileges for employee access, you can vastly reduce the exposure to attacks.
Smaller organisations (1 to 250 employees) reportedly have the highest-targeted malicious email rate, so it makes sense to set-up permissions for access to data that are relevant to specific job roles. Ask the question – do they need this to do their job? If the answer is no, then keep it safe!
Protect those passwords
With an estimated 300 billion of passwords in use worldwide, we’re more at risk than ever before from phishing, malware, and hacking. Businesses and employees now have a vast collection of passwords required for access to sites, documents, and client data, but how many of us can remember them all? Gone are the days when we could use our favourite pet’s name or first school, as a prompt.
As a result of increasing cybercrime, passwords have had to become more complex over time. But, with the best will in the world, without an encrypted database to store them in (for example, KeePass) the risk remains. Implementing an internal security policy for all staff to follow will massively reduce your exposure.
Check, check, and check again
A common mistake made by many companies is to assume that putting all the above processes in place is enough to keep them safe. As with anything in life, maintenance is key to keeping things running smoothly and efficiency. Be sure to build in time for regular infrastructure security reviews of your IT processes.
Checking logs, ensuring that configuration alerts are still relevant and working, reviewing access, and attempts of brute force attacks are all vital cogs in sustaining good levels of cybersecurity.
Identify your vulnerabilities
Hiring a third-party cybersecurity expert to perform penetration testing against the system is a very efficient way to disclose your weaknesses and business risks in advance of any attempted raids.
Working with certified ethical hackers is a great way of testing if your systems, networks, or applications have any underlying security flaws that an attacker could exploit.
A robust penetration test should cover the following key points:
- Gather information about the target
- Locate possible entry points
- Attempt to gain access
- Test the disaster recovery strategy
- Collate findings on all identified weaknesses
- Devise a security roadmap
- Work with IT leaders to implement the recommendations
Whether you’re a start-up brand looking for the highest levels of system security from day one, or an established SaaS business seeking independent software security analysis, we’re happy to offer a no-obligation first-point-of-call appointment with one of our in-house experts. Give us a call +44 (0)113 859 1669 or get in touch via our contact form