We define small-to-medium enterprises (SMEs) as companies with less than 50 people. Often they are smaller than this, numbering in the tens.
However, the size of the businesses doesn’t change the value of the information inside its systems. Employee and client information, credit card details, payroll figures, access to private materials… the list goes on. The backbone of a reliable business is its ability to protect customers and their information.
We spoke to Aura Information Security cyber evangelist Paul Poteete to get his top tips to help SMEs frame their thinking around building a cybersecurity suite that effectively protects their day-to-day operations. The result? a compelling list of 5 actionable topics, as follows.
- Ensure your systems are up-to-date
Something as simple as ensuring the SMEs systems are up-to-date is a great place to start. How often do we ignore our Windows or Anti-Virus update prompts in lieu of restarting our systems and inconveniencing ourselves?
However, these updates are a built-in line of defence for software and apps to patch any discovered vulnerabilities or backdoors into the system. Firewalls, programs, applications, servers – maintaining their integrity will give a business the first line of defence.
- Understanding your digital assets
So the unfathomable happens – a business is breached and compromised overnight. Documents are copied and stolen, financial information has been duplicated, and hackers have left a backdoor into the system for future use.
Would the average business owner even know?
A practice cybersecurity practitioners encourage is for SMEs to take inventory of their systems and understand the basic ins and outs of what should be where.
Speaking with a cybersecurity expert to gain a topline understanding of asset management, what is really at risk in a business, and what needs to be done in the event of an attack will give SME owners the basic know-how to begin recovering from a breach.
- Incorporate security training for all employees
Knowledge is power and those without it are doomed to ignorance. Unfortunately, claiming ignorance won’t unbreach your system or restore any stolen assets.
SME owners should organise training for employees to foster a culture of cybersecurity awareness, where they can be exposed to the various methods available to hackers out there looking to compromise digital systems.
Furthermore, these sessions reinforce the reasons behind the precautions implemented – such as frequently changing computer and email passwords, locking computers when leaving their desk, precautions when opening emails and attachments and many other behaviours that – unless explained – can come across as pedantic.
- Invest in the right tools
A good cybersecurity system will provide SMEs with an Indicator of Compromise (IoC) if there are any breaches to their business. An IoC is a strong signal that there has been interference or a digital intrusion, and warrants being checked out.
Potential sources for IoCs come in many shapes and sizes – from email signatures loaded with viruses through to malignant URL addresses for botnet command and control servers.
This data is then used to futureproof the systems from future attacks of that sort, giving the cybersecurity suite the ability to ‘update’ as circumstances change. Hence why investing in the right tools is an important step towards safeguarding any SME.
- Speak with the experts
Information Security is a rapidly evolving industry worldwide, with breakthroughs happening every week. Keeping up with the trends and running a SME is going to be tough for even the most resilient entrepreneurs.
There are cybersecurity experts who live on the pulse of this shifting landscape and can give insight into where a business’ weaknesses lie and make recommendations about the best next steps to take.