What Are the Minimum Cybersecurity Controls Your SME Needs to Have?

How can small and medium-sized enterprises keep their businesses safe from cybercrime? How do you know where to start? Improved security doesn’t always have to include a full system overhaul. Sometimes, implementing small, incremental changes can have a significant impact on lowering the risks. Here are the top four tips that every business should work on for effective security.

1. Know what you’ve got

You can only protect what you can see, so the best place to start is to understand what your existing system includes. Review and update your asset register so that all assets are accounted for and you know where all the access points to your system are. A good understanding of your current landscape should include a risk register that identifies where the high, medium and low-risk points are in your network. That way, you know where to invest in tools and solutions to increase security. To find out where your risks are, it’s a good idea to run regular vulnerability scans so you can see where there are issues and test your system against common and current security threats. An effective scanning tool is an essential component of your security arsenal.

2. Back up, back up, back up

Back-ups are the ultimate insurance when (and it’s best to assume it’s a ‘when’ not an ‘if’) a cyberattack occurs. Case studies are increasingly showing that cloud-based back-ups are more effective than local back-ups on a server, because once a system is compromised, the server-based back-up becomes vulnerable too. Back-ups should also be in place for tools like Office 365. Back-up systems should be checked regularly to confirm that they are capturing what they should and that they run often enough (daily is best) so that you can get your system up and running again quickly if necessary.

3. Cybersecurity awareness training

Did you know that human beings are responsible for around 95% of all cyberattacks? This means that investing in cybersecurity awareness training for your employees is one of the most effective ways to keep your business safe. Good training systems will result in positive behaviour change as employees develop skills to identify and avoid common cybercrime tactics.

Systems should also have multi-factor authentication set up as a minimum security feature. Good cybersecurity training helps the people using these tools understand why they are important, which prevents the tools from becoming an irritation or a hindrance to productivity.

4. Active monitoring systems

If an attack does happen, it’s not always immediately evident. A recent report from IBM shows that the average time for an attack to be identified and contained without security AI and automation is 323 days. Cybercriminals are not always acting immediately once they’ve breached a system. Increasingly, they are sitting behind an organisation’s virtual walls observing how best to launch an attack for maximum impact and financial gain.

The most effective way to secure against this is to have active monitoring systems in place, such as a firewall, access control and intrusion detection. An IT services provider can help you determine the most suitable options for your particular system.

The tips and tools in this article were shared by a panel of cybersecurity experts during Numata’s webinar on Cybersecurity for SMEs: Building a More Resilient Business.