A Guide To SME Cyber Security
Defendza, a cyber security firm specialising in cyber security consulting and managed services, offers a five-point quick-help cheat sheet to help SMEs tackle the most common cyber-attacks.
Business meetings rarely run without this subject coming up, and rightly so when you could see the downfall of your business operations within a matter of hours.
Ineffective Internet security in small businesses can have disastrous effects.
A lack of oversight leaves organisations wide open to cyber-attacks: data breaches, supply chain attacks, or a network-wide compromise that goes undetected for months. From essential office equipment such as printers and scanners to mobile devices and laptops, nothing is immune to cyber-attacks. With increasing connectivity through the Internet of Things and similar technological advances, cybersecurity poses a complex challenge for safer lives ahead.
Cybersecurity for small businesses can sometimes get overlooked, yet cybersecurity solutions have never been more vital to the long-term success of your business. If you run an SME, you need a cyber strategy along with a dedicated solution and a secure plan of action going forward.
Cisco Cyber Security Special Report 2018 flagged up the main points:
New statistics from government show that over four in ten of all UK businesses and two in ten charities suffered a cyber breach or attack in the past 12 months. Among smaller firms, around 42% identified at least one breach or attack in the past 12 months, which could impact profits and reduce reputational trust.
The majority of these attacks originate from a very common attack known as phishing: fraudulent emails from cybercriminals impersonating an organisation, which attempt to prompt staff into revealing sensitive information such as passwords or financial information, or into running malicious files sent as attachments.
Small businesses can raise their basic defences and make things difficult for attackers by enrolling in the Cyber Essentials initiative and following regular cyber hygiene practices. The UK government, along with industry support, launched this scheme with the goal of helping organisations protect themselves against common cyber-attacks. The basic level, ‘Cyber Essentials’, involves completing a self-assessment questionnaire that is reviewed by an external certifying body before the certification is awarded. The second level, ‘Cyber Essentials Plus’, involves tests of the organisation’s systems that are carried out by the external certifying body.
There is no absolute failsafe. If anyone says there is, they don’t understand risk management. But Defendza’s offering to SMEs is aligned with government-backed, industry-supported Cyber Essentials, giving you absolute confidence that we’re 100% committed to your security.
Defendza, a cybersecurity firm specialising in cybersecurity consulting and training matters, offers a five-point quick-help cheat sheet to help SMEs tackle the most common cyber-attacks. It does not require high investment in shiny new products or expensive consultancy fees.
So, what are the cybersecurity solutions you need to be aware of?
Ensure that password protection mechanisms, such as passcode against PIN on mobile devices, two-factor authentication mechanisms, or other authentication methods, are set. If devices support fingerprint, facial or other biometric authentication, the actual password will not be entered many times, so a long, non-dictionary, difficult-to-guess password should be used.
Change passwords often and encourage staff to use password managers. Network staff, developers and other technical staff should use privileged accounts (used for administration) that are separate from the corporate accounts they use for checking email and daily tasks.
Change default passwords on all equipment such as network devices, printers, scanners and security devices.
For Windows-based laptops and tablets, ensure that in-built encryption products such as TPM (Trusted Platform Module) are enabled and configured. Similarly, FileVault can be used on macOS.
Malware damage can not only interrupt business operations but also render data unusable (ransomware). By following simple techniques, it is possible to protect your organisation from the damage caused by malware. Regularly patch all software on devices, laptops and systems by promptly applying the latest software updates. Use anti-virus as a minimum on all systems and turn on the host firewall to create a boundary outside your network. Encourage staff to follow secure practices when handling sensitive data and downloading content, along with other general security awareness techniques.
Devices used outside the office require more protection than the traditional desktop environment. Ensure that passcodes or biometric authentication are enabled as a minimum.
Use mobile device management solutions to remotely control device configuration in case devices are lost. Encourage staff to avoid free Wi-Fi areas and to use VPN or 4G connections in public places.
An organisation must be prepared to respond to loss of data from theft, natural disasters, or physical or other damage. Identify the relevant data that must be backed up and ensure that regular backups are scheduled. Restore tests should be performed to ensure the validity of backups.
Consider cloud-based backups where possible. This is a convenient way to back up because devices can be configured with backup schedules, and the backup data is stored in a secure data centre away from the office and is accessible from anywhere.
The human factor is often considered the weakest link in the cyber kill chain. Ensure that your staff are well equipped to distinguish fake information from legitimate information. Scammers use grammatically incorrect wording, or brand names and words with typos, to set up fake websites that are then used as traps for victims. Always look out for red flags in an email, such as spelling mistakes, poor grammar, too-good-to-be-true offers, free software offers and requests to send money. Encourage staff to report suspicious messages and events, and to share good stories.
Ensure that staff don’t browse the web or check emails from servers or while using administrative privileges. This will reduce the impact of attacks in the event that user details are stolen.
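The "brand names with typos" red flag can also be checked automatically when mail is triaged. The following is an added example, not part of the original article: it flags sender domains that sit within a small edit distance of a domain the organisation trusts. The trusted list, the substitution table and the threshold of 2 are assumptions, and the sample domains are constructed.

```python
import re

# Assumption: domains the organisation really deals with (constructed).
TRUSTED_DOMAINS = {"northbank.example", "acme-supplies.example"}

# Digit-for-letter swaps commonly seen in imitation brand names.
SUBSTITUTIONS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, keeping only one row of the table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


def normalise(domain: str) -> str:
    """Undo simple visual tricks before comparing ('rn' reads as 'm')."""
    return domain.lower().translate(SUBSTITUTIONS).replace("rn", "m")


def classify_sender(address: str, max_distance: int = 2) -> str:
    """Return 'trusted', 'lookalike of <domain>', 'unknown' or 'malformed'."""
    match = re.fullmatch(r"[^@\s]+@([A-Za-z0-9.-]+)", address.strip())
    if not match:
        return "malformed"
    domain = match.group(1).lower().rstrip(".")
    if domain in TRUSTED_DOMAINS:
        return "trusted"
    for trusted in sorted(TRUSTED_DOMAINS):
        if edit_distance(normalise(domain), normalise(trusted)) <= max_distance:
            return f"lookalike of {trusted}"
    return "unknown"


if __name__ == "__main__":
    for sender in ("accounts@northbank.example",     # constructed samples
                   "accounts@n0rthbank.example",
                   "billing@acme-suplies.example",
                   "news@unrelated.example"):
        print(sender, "->", classify_sender(sender))
```

An "unknown" result is not a verdict of safety; it only means the domain does not resemble anything on the trusted list.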
The above items are ‘good enough’ for a small business to prepare against most common attacks. However, for medium-sized enterprises, we have observed that the demand for our work is often on the back of our experience within their sector or among their peers. Defendza’s services, aligned with Cyber Essentials, deliver both the certification and expert advice with mitigation help. We don’t just offer continued advisory services; we help you get your own Cyber Essentials qualifications. Using our blend of tools, expertise and business-focused threat mitigation, we ensure your business is cyber resilient.
Just as your home requires adequate physical security measures to discourage thieves, cybersecurity is an ongoing effort to keep organisations safe online. No organisation is immune to attacks, but these measures will certainly prepare a small organisation for them. With these measures in place, incident response investigations will also be substantially easier in the event of an attack.
About Defendza (https://www.defendza.com)
Defendza is a specialist provider offering cybersecurity consulting, training services and managed security services. We deliver a truly independent third-party opinion, unbiased expertise free from any inclinations towards vendor partnerships, reselling objectives or promoting any security products. We pride ourselves in being a partner of choice for our clients and helping with their IT security and compliance requirements.