Cybersecurity threats are increasing every day, and not a single day goes by without a story in the media about a breach or theft. Those of us who own or manage a small or medium business know full well that cybersecurity is crucial and deserves special attention. The problem is where to start.
Cybersecurity can seem daunting and extremely complicated. Not all managers or small business owners have technical training, and technical jargon and contradictory information can discourage even the most cautious and security-conscious people.
If you are a busy manager, the day-to-day management of your business takes up all your time, and you cannot afford to become a technical expert in all aspects of cybersecurity, you can take this series of articles on cybersecurity for SMEs as a practical guide to implementing security measures for your business.
Determine your vulnerabilities
To protect yourself from cybersecurity threats, the first step is to determine your vulnerabilities. If you do not know your weaknesses, how can you fix them? If you do not know the type of data your company stores, how can you protect it?
Start by identifying the “crown jewels” of your company’s data. What are the most crucial data held by your company?
These can be very diverse, from your intellectual property to customer information, inventory, financial information, and more. Where do you store all this data? Once you have the answers to these questions, you can start thinking about the risks to which your data is exposed.
Carry out a thorough mapping of all the processes performed by you and your staff members to collect, store and dispose of this data. Think of all the transit points at which this data could be disclosed or stolen. In addition, consider the consequences of a cybersecurity breach for you, your employees, and your relationships with your customers and partners. You can then start putting precautions in place.
Protect your computers and devices
Virtually all the work that allows your business to operate goes through your computers and other devices. However, these devices are connected to the Internet and a local network, and they are vulnerable to attack. These are our guidelines for enhancing your security in all of your company’s IT systems.
1. Update your software
The very first step (and probably the easiest) to make sure your systems are not vulnerable to attack is to always use the most up-to-date version of your company’s main software. Hackers spend their time looking for bugs in popular software and exploiting those flaws to break into systems. Their motives are many: to make money, to make a political statement, or simply because they can. This kind of intrusion can cause untold damage to your business. Hackers can steal your customers’ credit card numbers from your website, or steal passwords from your computer. Your company would face serious problems if that happened.
Microsoft, along with other software companies, is constantly looking for vulnerabilities in its software. When these companies identify one, they publish an update that users can download. It is extremely easy to download these updates as soon as they are released, and one may wonder why so many companies neglect this key point of cybersecurity.
In 2017, a worldwide ransomware attack called “WannaCry” hit thousands of victims, including huge organizations like FedEx and the UK’s National Health Service. Before the attack, Microsoft had released a hotfix, a software update that fixes the problem, but many system administrators did not install it, which led to a massive attack. Fortunately, the attack was stopped, but that is not always the case. The easiest way to avoid becoming the next victim of hackers is to regularly update your software.
Where do I start?
- If your system is managed by a system administrator, make sure that they are notified of software updates as they are released and that they are responsible for updating your system.
- If you have a small business where you manage your computers yourself, just turn on Windows Update. Once your system is updated, reboot your computers.
2. Protect your computers from viruses
Viruses are malicious programs that infect your computer without warning. Viruses are able to do a lot of things, but in general, they access your files and delete or modify them. Viruses spread quickly by replicating and sending messages to people in your contact list. If a computer on your network is infected with a virus, it can spread quickly through your business, resulting in significant data loss. If you communicate with your customers by e-mail (like most of us), you may also infect them.
The two most dangerous types of viruses currently in circulation are malware and ransomware. Some differences exist between malware and ransomware. Malware works by prompting the victim to download certain software, thereby gaining access to the victim’s computer. It can access the same things as you on your computer, steal confidential information or spread spam via email.
Ransomware is a specific type of malware. It locks your computer and prevents you from accessing your important files until you pay the ransom. Ransomware works by encrypting your files with a private key accessible only to its creators. The WannaCry attack mentioned above was a type of ransomware. Paying the ransom is not necessarily the answer: there is no guarantee that the hackers will actually unlock your files.
There are a number of basic steps you can take to prevent viruses from infecting your computer. First, install antivirus software on all desktops. Antivirus software scans incoming e-mails as well as the files currently on your computer, then deletes or quarantines any viruses it detects. Hackers are constantly releasing new viruses, so be sure to regularly update your antivirus software. The best software vendors have a feature that directs your computer to download updates automatically. In addition, make sure your team members know they should not open suspicious files.
Using a VPN to access the Internet can also provide you with additional security. VPNs allow you to access the Internet anonymously and encrypt all your data. As a result, they make tracking your computer very difficult for hackers. Good VPN providers send you a security warning when you try to access suspicious URLs.
If you are already a victim of a ransomware attack, it is not too late. This step-by-step guide will help you defeat an attack.
Where do I start?
- Update your antivirus software. If you do not have one, install one now.
- Train your staff so that they do not open suspicious attachments.
- Browse the internet using a VPN.
- Learn about how you can thwart a ransomware attack, in case you need it.
3. Install a firewall
As in most businesses today, all the devices in your office are likely to be connected to an always-on broadband Internet connection. If so, it is highly likely that hackers have probed your computer network at least once. Hackers do this randomly, but when they find a valid computer address, they exploit any vulnerabilities they find to access your network and the individual computers on that network.
Installing a firewall is the best way to prevent this type of attack. Firewalls work by separating different parts of the network from each other, allowing only authorized traffic to access the protected part of the network. If you run a small business, your firewall will prevent the wider Internet from accessing your local private network. A good firewall examines every packet of data that circulates in your network to ensure its legitimacy, and filters packets that it considers suspicious. To prevent hackers from targeting individual computers on your network, the firewall masks the individual identity of each computer.
Installing a firewall is complicated and should only be done by a qualified professional. This makes your job easier: You simply need to talk to your system administrator to make sure your network is protected.
Where do I start?
- Call your system administrator, ask if your local network has a firewall, and if not, ask them to install one.
4. Special precautions for laptops and other mobile devices
Because, as the name suggests, they are portable and can therefore leave the office, laptops are particularly vulnerable to security breaches. They are a target for thieves because they are easy to steal and sell. In addition, employees may be negligent with their work laptops, as most companies will simply replace the device in case of loss or theft; however, replacing a laptop is a significant financial expense, especially for a small business.
There are some precautions you and your staff can take, both to prevent laptop theft and to limit the most serious consequences if a company laptop is stolen. First, when an employee uses a laptop in a public place, or even at a meeting or conference, they should always make sure to keep the laptop within sight. Laptops should be kept in carry-on luggage and not be left in luggage lockers at hotels or airports.
Hackers can also easily access data on a laptop or mobile device if it is connected to an unsecured network. We recommend several measures to protect your data, such as using a strong password, backing up all the work you’ve done on your laptop before a trip, and encrypting your data. These tips are particularly relevant when it comes to laptops.
It is worthwhile to plan for the possible theft of one of your company’s devices. If you are using a cloud-based solution for some of your software needs, look into your provider’s Mobile Device Management features. Leading cloud providers allow you to wipe an account from any device that has gone missing.
All of these tips also apply to corporate smartphones. There are a number of steps you can take to secure corporate smartphones, and this specific guide for iPhones will guide you through this process. We recommend using a number of security applications, and we offer ways to change your phone’s settings to make it safer.
One of the best ways to protect your devices – laptops, smartphones, Amazon Alexa devices or even the PS4 in your office (if your office is cool and offers video games!) – is to install a VPN to encrypt all data that flows through these devices. You do not necessarily need to install a VPN on each device; indeed, you can install it directly on your office router. Thus, all devices using the office Internet connection will be protected.
It is also important to establish a policy on the devices that staff members are allowed to bring to work. Many companies encourage their workers to bring their own laptops and other devices to the office because this solution is much less expensive than providing a business computer to each employee. We recommend that you require all personal devices used for business purposes to have antivirus software installed and to receive regular updates.
Where do I start?
- Update all of the company’s laptops and smartphones with the latest antivirus software and operating system updates.
- Establish a policy specifying the devices that can be used at work and the security features they must include.
- Contact your cloud provider(s) and ask how they can help with managing mobile devices.