[BreachExchange] Helping SMEs safeguard their business against cyber-attacks
Audrey McNeil
audrey at riskbasedsecurity.com
Mon Jun 12 18:56:26 EDT 2017
http://www.itproportal.com/features/helping-smes-safeguard-their-business-
against-cyber-attacks/
We’re all well-versed on how rising technologies such as cloud, IoT, AI and
others are changing the face of organisations as we know it. As they
continue to define the digital agenda, it’s no surprise to hear that
product improvement and technology were revealed as the biggest-rising
priorities for CEOs this year.
Although it’s promising to see businesses consider how they can prepare for
a digital tomorrow, implementing an IT infrastructure of this magnitude
doesn’t come without time, money and knowledge. Whilst large enterprises
have the means to invest these resources, small-and-medium enterprises
(SMEs) struggle to know where their capital is best placed. Intensifying
this struggle, is the pressure on SMEs to secure their place in the digital
tomorrow, or risk getting left behind.
Making up 99 per cent of all private sector businesses, SMEs are key to our
economy, driving growth and ensuring employment in a turbulent market. With
a combined annual turnover of over £1.8 trillion, almost half (47 per cent)
of all private sector turnover in the UK, it’s never been more vital for
SMEs to keep up with the pace of technology in order to continue this
growth.
The SME challenge
There’s no silver bullet, but one rich resource that has become accessible
to organisations of all sizes is data. When used correctly, this
information can be used to understand customers better, drive productivity
and develop holistic business strategies. However, with the current and
ongoing threat of cyber-attacks looming, organisations have a great
responsibility to keep all this data secure.
Despite this vulnerability, many are still not effectively protecting their
data from future attacks. It was – after all - Lloyds which revealed that
despite 97 per cent of UK firms having experienced a data breach in the
last five years, over half (57 per cent) admitted to knowing little or
nothing about the new EU General Data Protection Regulation (GDPR) which is
set to come into effect next May.
With a staggering 71 per cent of SME’s suffering some kind of security
breach in 2016, SMEs with sensitive personal or financial data in their
possession need to make sure internal protection against these threats is
number one on their agenda.
But where should SMEs start? Here are five tips for helping small
businesses taking proactive steps towards protecting their assets from
cyber-criminals:
1. Raise awareness with a simple conversation
Made clear from the latest cyber-attacks, the simple truth is that without
secure systems in place, there is a constant threat we should expect to see
surface more regularly. With a move towards a more flexible and agile
working environment, employees are expected to be more productive on the
move – meaning access to company files isn’t just limited to the office.
Both this and an increasing soar in bring-your-own-device (BYOD) practices
has led to more data-producing devices accessing the network. And what does
that mean? A more open playing field for cyber-criminals.
To quickly show weaknesses in systems and gaps in knowledge, having
conversations about what is considered to be critical data and what makes
up good password practices is an effective place to start. SMEs should look
at establishing workshops to discuss how they manage and secure their data,
what their environment consists of and how they thinking about cyber
security within their practice area.
2. Keep hackers out by building a solid online fort
As we know, prevention is one of the fronts where the cyber security battle
rages on. That’s why having the right encryption is a big part of building
a solid online fort to keep hackers out. A good starting point is to
encrypt at an individual level, what’s incoming and outgoing, as well as
the data behind the Firewall. Auditing protocol plays an important role in
encryption.
3. Staying safe in the cloud
Right now, most Internet of Things (IoT) smart devices are in factories,
businesses and healthcare. But by 2020, the number of internet-connected
things is predicted to reach over 50 billion devices, meaning we’ll see
more IoT devices in our homes and phones. So what does this mean for SMEs?
SMEs should be cautious that each device is a doorway into your company’s
network. The more devices that are bought and used in the workplace, the
more opportunities and ‘doorways’ open to malicious attackers.
To fully protect yourself, it’s wise to put in place a secure back up plan
in the cloud. By saving and securing data across multiple locations will
ensure your business is not a victim of ransomware. This is especially
important as this is where online criminals will successfully infect your
system and take data hostage.
4. Service applications come to the rescue
>From watching how information is passed through office printers (an office
tool not usually associated with data theft) to helping secure data hatches
when it comes to monitoring the flow of data through mobile devices, small
businesses should not take for granted service as a security application.
5. Time to pinpoint where the value lies
Every business will have something that cyber-criminals want, whether it’s
customer data sets, financial information or connectivity to larger
organisations. Organisations of all sizes should locate and identify where
their value resides, control the flow of access to this information and
create a more robust security strategy around this.
By keeping your small business updated and ahead of cyber criminals,
subscribing to groups like Cyber Thread Alliance will ensure you have the
protection you need to assets. These sorts of groups help business
understand what’s flowing into, what already exists and what may be flowing
out of your environment.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20170612/90c9bf93/attachment.html>
More information about the BreachExchange
mailing list