As an IT consultant who has been in the industry for the past ten years, I’ve observed that many small businesses pay little attention to cybersecurity. They often think that larger corporations are more at risk of cyber-attacks than SMEs, but this is unfortunately not true.
While larger MNCs may have a bigger budget and dedicated professionals to deal with cyber crime, SMEs face the same threats as MNCs and therefore should also set aside a budget to deal with cybersecurity issues.
Recognising these growing threats, the Singapore government has taken proactive steps to further strengthen the national cybersecurity strategy and passed the Cyber Security Bill on 5 Feb 2018.
For SMEs, the first step towards better cybersecurity is awareness. Take on a collaborative approach with your employees and treat IT risk as a part of your corporate risk management. Here are 5 steps that SMEs can adopt to protect themselves from cyber crime.
1. Have a good backup process in place
This is one of the best ways to protect your company data against ransomware. With a good backup process, you can restore all your files once the infection has been cleaned up. For increased security, store your backups appropriately to make sure that attackers cannot access or delete them.
2. Implement a secure password policy
Make sure every one in the company understands the importance of a strong password. Every password should contain symbols, upper and lower-case letters. You would generally want to set the minimum password length to at least eight characters since long passwords are harder to crack than shorter ones.
These passwords also need to be set to be changed on a regular basis. A good password can last 6 months or more. Don’t encourage employees to change them any more frequently than that, or you may wind up with a “Password1”, “Password2 situation”.
3. Increase awareness of suspicious activity
Ideally, all your employees should be able to recognise and delete anything that looks suspicious.
Make use of vendors such as KnowBe4, which offers free opportunities to create your own simulated phishing campaigns and test how your employees react to the threat.
4. Make sure remote access is secure
Remote access to your work computer from home can leave companies open to attack. These ideally need to be behind a secure VPN Firewall to increase protection. A VPN Firewall helps to prevent the data exchange without leaking the instructions and monitors the incoming and outgoing website traffic silently.
5. Invest in a good quality antivirus programme
Most anti-virus products in the market right now boast multiple functions to protect your devices. This means that the product offers multiple means, or “layers” of protection against viruses, malware, ransomware, Trojans and other threats.
New threats are created all the time, and old forms of malware often resurface or get reused in new ways. Be sure to update your antivirus programme regularly.
With proper planning and training for the above practices, SMEs can protect their business and employees with the necessary tools to defend most threats.
Not sure where to start? Contact a Biz Friend now to start a conversation on how to step up on your company’s cybersecurity.