Small and medium enterprises (SMEs) are today most vulnerable to cyber attacks as they are ill-prepared to deal with this modern-day menace. Cyber crimes or cyber-enabled crimes hit one in four Australians – or over 6 million Australians – every day, according to the Australian Cyber Security Centre (ACSC). Many of these attacks on individuals are aimed at gaining access to the systems of the enterprises that employ them. Many of these enterprises are small and medium businesses.
There are multiple reasons why SMEs are vulnerable to such attacks. As the pace of technology adoption quickens, more and more small businesses are embracing information and communication technologies. Though they have adopted these technologies, they have scant understanding of the security threats that come with them.
Though these enterprises deal with a lot of sensitive data, they do not have a clear IT security policy. Besides, being smaller businesses, many of which work on razor-thin margins, they lack the wherewithal to spend a significant amount solely on safeguarding themselves against cyber attacks, which leaves them vulnerable.
Notwithstanding their limitations, SMEs have to realise that the threat of cyber attacks is as real for them as it is for larger corporates, and that the latter are better equipped to fight such attacks than the former. Therefore, SMEs need to take a few basic measures to reduce the risk of such attacks. Here are a few basic and easy-to-adopt security measures for SMEs:
1. Have a cybersecurity policy in place
Put in place a basic set of rules on password creation and storage, safe use of mobile devices, use of email and the internet, and restricted use of certain websites, among others. These rules should be set out explicitly in writing and communicated, and employees at all levels should be educated about them.
2. Train employees
Most cyber attacks happen because of human error. An employee may click an email attachment which could be a virus, or he/she may fall victim to the social engineering tactics of a cybercriminal. Inform the employees – at least those directly working on the company network – about the IT security policy in place, and train them on the common ways in which hackers may get access to the system.
3. Limit access to network software/hardware
Make sure only a limited number of people get access to sensitive data, software, and hardware. Moreover, those who have access must follow certain security protocols, like multi-factor authentication, without fail. This reduces the risk of sensitive information and data falling into the wrong hands, or of someone misusing the privilege that such access gives them.
4. Do not delay software updates
Updates are a way of ‘patching’ the security vulnerabilities in particular software. Regular updates ensure that any risk of cyberattacks is minimized. Any delay in effecting software updates means exposing the enterprise to cyber attacks.
5. Put firewalls in place
Firewalls are the first line of defence against any attack on the network. They work as filters which keep unauthorized and unwanted access requests out of the enterprise network. You can define the information or access requests which you want to get in or out of your network.
6. Create cloud backups
Keep a backup of all your data, preferably in the cloud. A backup helps the business recover data or information if it is lost due to a cyber attack or, for that matter, any other reason.
7. Choose trustworthy anti-malware
Buy the best quality anti-malware or antivirus software. The best antivirus should not be decided on the detection rate alone. Other factors like configurability, product support, and privacy policies should also be considered while choosing an antivirus.
8. Secure mobile devices
Mobile devices like phones and printers, which store sensitive data and information temporarily, can pose a serious security threat. Ensure that security policies are in place for users of all devices.
9. Secure Wi-Fi networks
If you provide Wi-Fi access to some employees, ensure it is secure, encrypted and password-protected.
10. Virtualize your network
Remove hardware-based servers and store all your data and files on a cloud-based system. This is not only cost-effective but also much more secure because a reliable third-party cloud service provider would be better equipped to deal with cyber attacks than a small business.
SMEs in Australia account for 57 per cent of the country’s GDP and employ around 7 million people (out of close to 13 million employed people). With such significant contributions, it won’t be wrong to call them the backbone of the country’s economy. It is, therefore, all the more crucial that SMEs have a better understanding of the risks of cyber attacks and the ways to prevent them.