A recent survey revealed that nearly half of SMEs didn’t feel they needed to protect their business against cyber-attacks despite listing data protection as one of their biggest concerns. SMEs are as likely to be hit with cybercrime as their bigger competitors, but they are less equipped financially and operationally to absorb the impact.
Many businesses have fallen victim to ransom-ware, where company data is encrypted by an attacker, leaving the business paralysed unless a ransom is paid to criminals for the unlocking key. So what practical steps should you take to help protect your business from cyber-crime?
George O’Dowd (pictured), managing director of Novi Technology, says that security should be an ongoing process and not something you do every few years. Implementing security systems without proactively maintaining and managing those systems will leave any business exposed. Security consists of several layers each with a specific responsibility. O'Down advises:
- A poorly configured firewall or a firewall that does not offer advanced threat protection is a guaranteed security risk. Firewall policies should be regularly reviewed by experts to ensure that they are offering maximum protection.
- An internet monitoring system helps identify unusual internet activity on your network such as a malware infected device.
- All devices should have up to date antivirus and anti-malware apps installed, and security updates should be applied to deal with any vulnerabilities.
- Remote access to corporate networks should consist of an encrypted connection together with two-factor authentication, which involves both a username and password along with a unique code generated by a phone app or key fob that must be entered when logging in.
- An email protection system to help block malicious emails from reaching employees and minimise their chances of falling victim to a phishing attack.
"With 200,000 new pieces of malware identified every day and a hacking intrusion taking 210 days to detect, businesses need to get serious about security," says O'Dowd. "The EU’s new General Data Protection Regulation will come into force in 2018 and could result in companies being fined for allowing security breaches to compromise customer data. Cybercrime poses a very real threat to every business, and they should be working to insulate their systems to the maximum extent possible."