Cybersecurity: 7 advices for small and medium companies
With the news headlines focused on big companies security breaches, it would be easy for small and medium companies (PYME) to suppose that its size keeps them out of a hacker’s radar, since they are not worthy for an attack. Unfortunately, when it’s about cybersecurity, small doesn’t mean safe.
The common error of saying that small and medium companies are not a target, it can often drive to weak security practices in organizations that lack experience and knowledge to insert simple security steps. Nevertheless, securing your business doesn’t have to come with a considerable price tag, so here are 7 advices in cybersecurity for PYMES.
Install the antivirus ¡EVERYWHERE!
Maybe an obvious advice since every organization has an antivirus in their systems and devices right? Unfortunately, very often they overlook business systems, like web servers. It’s important that PYMES considera ll its network points of entry and have an implemented antivirus in any server, as well as in employees personal systems.
Hackers are skillful to find wek points of entry and install malware, and antivirus software can be useful as a last resort defense, but it’s not a silver bullet. Through continuous monitoring and pentest, organizations can identify weaknesses and vulnerabilities in advance. It’s much better to stop a thief outside your house rather than inside.
Continually monitor your perimeter
The perimeter of an organization is the most exposed to remote attacks due to it’s 24/7 availability. Hackers are constantly scanning the web in search of weaknesses, therefore the companies should also scan their own perimeter. The longer a vulnerability is deactivated, the more probable an attack will happen.
Reduce your surface attack
An organization is composed of all systems and services that has been exposed to the web, the bigger the surface of attack, the bigger the risk.
The exposed services like Microsoft Exchange for e-mail, or Content Management System (CMS) like WordPress, may be vulnerable by brute force or credential stuffing, and regularly it’s discovered new vulnerabilities in the common software system. When removing public access to sensitive systems and interfaces that don’t need to be public access, and guarantee that the 2FA is available, organizations can limit their exposure and reduce their risk considerably.
Keep your software updated each day
There are all kinds of new vulnerabilities to softwares, from web browsers to commercial apps. Only a weakness without patch could lead to a complete system compromise and the client’s data breach; like Equifax discovered their detrimentin 2017. The hacked credit agency incurred in a considerable fine after millions of records of clients were stolen, because of a non-compliance originated in a single server without patch that executes a vulnerable versión in a common web framework.
Generate a security copy of your data
This has been a year with many ransomware-related attacks in which the commercial information acts as a hostage until a financial agreement is paid. Ransomware is designed to encrypt any information and access to it, leaving it unusable and the effects cannot reverse without the attacker’s password and dechiper the data.
Organizations that backup their data can frustrate attackers by recovering their information without the need to pay for ransom, since the systems affected by ransomware can erase and restore from a security copy that is not affected without the attacker’s password.
Data loss is a critical risk for any business, either by malicious intentions or by technical error, like a hard drive disk failure, which is why is always a Good idea to make a security copy of data
Enhance your employees security awareness
Cyberattackers trust in human error, so it is vital that employees are trained to recognize risks and respond adequately. Polls about cybersecurity infractions in 2017, revealed that the most common kind of identified violation were related to the staff that received fraudulent e-mails (72%), followed by virus, spyware and malware (33%), people posing as the organization through e-mails or online (27%) and ransomware (17%).
By enhancing your employees awareness about the benefits of using complex passwords and train the staff to detect common attacks like phishing and malicious links, small companies can guarantee that the staff is their biggest strengh instead of your mayor vulnerability.
Protect yourself in relation to your risk
Cybersecurity measures always must be appropiate for the organization. For example, a small company that runs banking transactions or have access to classified, like medical data, should apply a much mature security posture than a local pet store.
Hackers will be always motivated for money, so when the bigger the price, more time and effort will dedícate to achieve their profits. By identifying threats and vulnerabilities, PYMES can take measures to mitigate and priorize what risks must aboard and in which order.
It’s time that PYMES raise their Cybersecurity game
The attacks to big companies dominates the news that feed the perception of PYMES are safe, unfortunately it’s the contrary. Hackers prefer the way with less resistance, so that makes the PYMES a favorable target, since they don’t have the same level of resources for cybersecurity.
Learn more about how our team of cybersecurity specialists can create a safe space in your business. +56 9 5413 5320 / +56 9 6676 4809 E-mail: contacto@measuredsecurity.cl