While the connectivity of companies, people, and equipment increases daily, so do vulnerabilities and security risks for computer systems.
Threats are multiplying today in number and sophistication, from classic phishing to more complex attacks on the connected equipment. More recently, attention has turned to ransomware, a type of attack in which data is inaccessible to the respective owners, and a ransom is then demanded to regain that access.
This year alone, computer security companies estimate that 305 million attacks of this type alone have been recorded globally.
Advanced data by Check Point Research show that in Europe growth was around 65%; globally it was around 40%.
In this scenario, the news of large companies’ victims of attacks dominates, as was the case this year with the attack on the Colonial Pipeline, the largest pipeline of refined products in the United States.
This type of large-scale action shows us the most impressive face of a global phenomenon and this can lead to the idea that micro, small and medium-sized companies are not a common target of cybercrime today. And this, as you can guess, is another idea that needs to be dismantled.
With a lower level of cybersecurity than large companies, micro and SMEs are constant targets. Those who attack bet that smaller companies are less careful from the point of view of security and that they underestimate the value of their business information. And it often bets well.
For example, six out of ten small businesses do not have a cybersecurity strategy in place in the United States.
Result: They are already the target of 43% of all cyber-attacks registered in the country. According to the FBI’s Internet Crime Report, losses incurred due to lack of computer security in micro and SMEs amounted to 2.7 billion dollars, in 2020 alone. And there are already serious warnings about the growth of the phenomenon in 2021 .
Making security a culture
The frequency and sophistication of cyberattacks is the bad news. The good thing is that strengthening the security of each business is largely in the hands of its employees and may even be much simpler to achieve than you might think.
Relying on powerful cybersecurity tools and equipping your office with the latest small business networking solutions is important, but at the base of any cybersecurity plan is risk awareness. In this sense, no matter how small the company, it is vital that all its employees share the concern with threats and share the effort with their prevention.
Making everyone in an organization aware of the specific risks that computer attacks pose to their specific activity is much more than a technical conversation about procedures – it is a strategic issue. In this sense, it is vital to encourage all employees to report any suspected attacks and define common basic procedures to be adopted in a crisis situation.
Each employee should only have access to the information he needs for his activity, but it is essential that everyone is alert to the same signs.
That they are equally aware of issues as simple as the attention that must be given to attachments and links present in emails from unknown sources, that they share SPAM detection solutions or that they scrupulously watch over their passwords.
This is, by the way, the first of five essential pieces of advice to ensure cybersecurity in any micro or small and medium-sized company.
1. Use strong passwords
Always use strong passwords and encourage all users never to share them and, above all, to take care of their security.
Taking the United States again as an example, the report Global State of Cybersecurity in Small and Medium-Sized Businesses reported that, already in 2019, 70% of micro and SMEs reported episodes in which their employees’ passwords had been lost or stolen.
Furthermore, strange as it may seem, the passwords chosen by each individual are much less diverse than one might imagine and there is even an annual global ranking of the most frequent ones around the world.
Most of them, guarantee experts, can be hacked in less than a second. Check them out here (and please don’t use them).
For the rest, here are three simple requirements for a more secure password: passwords with a minimum length of eight characters (preferably 12 or more); combination of uppercase, lowercase, numbers and symbols; that do not contain obvious information or simple strings.
2. Stay up to date
It doesn’t cost much, actually. Software companies introduce continuous improvements to their programs to correct defects, improve performance and add functionality.
But also – more importantly – to include new vulnerability fixes and security improvements in software packages. In a scenario of constantly changing threats to cybersecurity, it becomes increasingly important that the network and all the equipment connected to it are a well-oiled machine.
It is important to check that operating systems, computers and servers are up to date and activate automatic updates whenever available (Windows, Chrome, Firefox, Adobe), as well as always updating all applications that are being used. Turn off Internet access when not required. On the other hand…
3. Always have a good Plan B
And ‘B’, here, is always Backup. It never hurts to remember the importance of having a reliable backup, from which important data can be recovered after any incident, be it attack or system failure.
The backup strategy must be implemented in such a way that there is a backup kept in a place that is disconnected from the original location of the data, thus avoiding that the backup files are also affected by the attack. On the other hand, the real use of a backup is not the backup itself, but rather the successful restoration.
That is to say, it is critical that the backup strategy is automated to ensure that data is as up-to-date as possible at the time it needs to be restored.
Now, for a micro or SME, these are always conditions that are more easily guaranteed by an integrated solution, like what Altice Empresas offers with their Cloud Backup.
It’s a centralized solution that allows you to protect mixed environments, restore systems to different devices or virtual servers, and migrate systems to mobile devices, PCs, physical or virtual servers or even applications.
All this with a guarantee of speed in the execution of copies, without interrupting the activities of the systems or collaborators, and keeping the backups protected by encrypting data and metadata during access, storage and transfer. In case of failure, the business does not stop.
4. Take care of the security of all ports
In the face of complexity, it is best to simplify. If the challenges are increasingly diverse and sophisticated, the ideal would be to look for an integrated approach to cybersecurity, capable of combining functionalities traditionally scattered across different equipment.
In the case of a small structure, it is even better to resort to a centralized, scalable solution with management services adapted to the real needs of each business. Here, the proposal goes directly to the Firewall solution by Altice Empresas, an advanced and integrated tool, capable of blocking the main cyber-attacks, mitigating the instructions in your system and protecting all sensitive information, ensuring permanent updating for new threats. And this happens without forgetting to take care of security with the new doors that open from a distance, allowing employees secure remote access to corporate systems and applications whenever necessary. And here we come to another important point.
5. Be safe wherever you are
In a world of mobility, any cybersecurity strategy must accompany the movements of a business and its actors. It is therefore essential to have a solution that allows you to have up-to-date and always available information on all devices, whether PCs, smartphones or others, with access to the company’s network from anywhere, always safe and minimizing the risk of losing sensitive information.
This is the central idea of Mobile Device Management by Altice Empresas. Essentially, it is a solution that allows remote and centralized management of smartphones and tablets, offering protection at all end points, for filtering during internet access and validating the legitimacy of installed applications.
Through a simple web portal, and with simple configuration in the cloud infrastructure, it becomes possible to manage all the equipment that access the company’s network, configure them according to the access levels necessary for each employee’s activity, monitor your activity and offer remote support. All this with cost control and the security of knowing that, in the event of loss of equipment, it is possible to block and erase the information remotely, guaranteeing data and content security.
Author: Gurbaj Singh is a Full-Stack Marketer and CEO at Warrior Media with expertise in Inbound Marketing and Marketing Automation with seven plus years of experience. He is passionate about digital marketing and helps people understand the value of the same. He has helped various marketing organizations in their endeavor to gain success. In his spare time, he loves to photograph and fly his drone. You can find him on Linkedin and Upwork.