Cyber Security for SMEs

---

It’s not only large enterprises that face cyberattacks – SMEs face similar risks and it would be unwise to assume they are not a target for hackers.

The reality is that small companies face attacks from multiple angles and, like larger organisations, must protect themselves from cyber criminals who are interested in stealing their intellectual property and other confidential data.

One of the key concerns is that many SMEs allocate few resources to IT and they are less likely to have a dedicated IT department staffed with security professionals. This can leave them open to cyber attacks which can cost an SME proportionally more to recover from than larger, well-prepared companies.

The past 12-18 months have been particularly challenging for large enterprises and SMEs alike. Insider threats, malware, identity theft and morphing attacks have continued to test organisations of all sizes and across industries.

Improving the security posture of your small business doesn’t need to be expensive, and it could well save you money in the long run.

Adopt two-factor authentication

Take security into your own hands and enable two-factor authentication on any service or device used by the company for email accounts, social media feeds or more sensitive systems. Anyone using these accounts will need an extra credential to gain access from a new device, or to change profile settings, which stops hackers from breaking in even if passwords are leaked. Remember to shut down accounts, or change login credentials, when someone leaves employment!

Be email-wise

Email can be a weak point for smaller organisations, with cyber criminals targeting companies with malware via phishing attacks. Treat with caution unsolicited emails containing attachments or hyperlinks (particularly shortened links), many phishing attacks attempt to trick you into opening a file loaded with malware or to visit a site which runs malicious scripts on your computer.

Avoid ransomware threats

Ransomware is malicious software (malware) that prevents or limits users from accessing their system, forcing the victims to pay a ransom in order to gain access to their systems, or to get their data back. When ransomware infects a system it commonly encrypts all of the document files on the hard drive as well as accessible network folders. Documents so encrypted are unusable unless decrypted with a unique decryption key held by the attackers.

Educate your staff to be very vigilant and learn how to mitigate the risk of ransomware hitting your organisation with some basic best practices.

Training and Awareness for Staff

User awareness is key to keeping sensitive data safe from online predators. Figures show the increasing trend of attackers targeting staff, who are considered the weakest link in a company’s security strategy. You can have the best technology and processes in place, but if your staff are not alert and vigilant, they can be an open door to cyber criminals.

When carried out effectively, a staff awareness programme:

• helps companies to identify potential security problems;
• helps staff understand the consequences of poor information security;
• ensures procedures are followed consistently to reduce instances of non-compliance.

It is also important to note that EU General Data Protection Regulation (GDPR) coming into effect in May 2018 will affect both large enterprises and SMEs, bringing in a set of new obligations to any company that handles information belonging to individuals.

A critical aspect of the new EU legislation is that it’s set to make reporting of data breaches mandatory with potential fines for non-compliance of up to 4% of Global Turnover or €20M.

The prospect of these fines hitting non-compliant Irish businesses in the not so distant future is indeed frightening but also very real and now more than ever not knowing what’s happening within your IT systems is no longer acceptable.

Board of Directors

The company board need to play an important and active role in assessing and implementing a cybersecurity programme.

1. Developing cyber security strategies.
2. Identifying areas of risk and weakness. This can be achieved by liaising with your IT department or outsourced IT consultants.
3. Implementing a full cyber security programme as opposed to ad hoc procedures against risks.
4. Set the tone at the top by implementing awareness and training for staff.  

Thanks to Zinopy for providing this Cyber Security update.

Zinopy believe there are a number of affordable steps SMEs can take to protect their business data and IT systems. Zinopy offers SMEs inSIght Security Intelligence, a managed security service designed to provide organisations with visibility of their security posture, allowing them to detect intrusions in real time and to take appropriate counter measures to protect their business.

Zinopy holds regular events and webinars educating organisations on the latest security trends, the anatomy of cyber attacks and how to defend against them and the best-of-breed technologies that can assist to optimise your security and begin the journey towards being compliant with EU legislations.

Visit the Zinopy Events page to find out what’s coming next and to sign up for their events mailing list.

Share this Post