Intelligent SME.tech Issue 01 | Page 20

? EDITOR ’ S QUESTION //

SMES CAN BE CONSIDERED THE NEW BIG TARGET FOR ATTACKS , YET CYBERCRIME PREVENTION
IS OFTEN NEGLECTED WITHIN THEIR
ENVIRONMENT .
Every month , we pose industry experts a question pertinent to the issues of the day . This month . . . .

N

ORDVPN TEAMS , A cloudbased VPN for business provider , has offered advice to SMEs looking to bolster the security of their company data .
Juta Gurinaviciute , Chief Technology Officer at NordVPN Teams , said : “ It is frightening to see such important economic drivers lagging behind when it comes to adopting strategies for fighting threats .
“ Today , SMEs can be considered the new big target for attacks , yet cybercrime prevention is often neglected within their environment . With millions of employees working remotely , workers are accessing company data without the safety of a fortified corporate network . This has made them easy targets for hackers and scammers .”
NordVPN Teams has outlined steps SMEs can take to protect their company data :
1 RISK ASSESSMENT The main assets your company has and the threats it faces should be identified and prioritised . 2 . SECURITY TRAINING General security policies need to be drawn up and implemented and staff have to be appropriately trained ad-hoc , whether remotely or in person . 3 . DEVICES Laptops and mobile devices must be secured with strong passwords or biometric identification . Devices should operate on a platform that can be remotely tracked and deactivated in an event of loss , theft , or any other misuse . 4 . PASSWORDS Employee passwords should be unique and changed regularly . The use of a password manager is imperative to prevent password leaks while using emails or other critical applications .

HOW CAN SMES BEST PROTECT THEIR COMPANY DATA ?

5 . REMOTE ACCESS Only secure virtual private network ( VPN ) connectivity should be allowed for remote access . In addition , only whitelisted IP addresses or device IDs should be allowed to access systems , as this will allow access to authorised users only . 6 . TREAT EVERY EMAIL WITH ZERO TRUST Because of the remote work environment , the amount of information exchanged over the Internet through virtual conferences and emails has skyrocketed . Establish a process that enables employees to report anything suspicious and share regular updates and information about phishing emails . 7 . UPDATES Keeping everything , including servers , workstations , smartphones and others up to date is key in cyberhygiene . Applying security updates is part of this process . Ideally , it has to be automated to a certain degree and the updates can be tested in a testing environment . 8 . BACKUPS Having backups is vital prior to installing updates . This will also protect the environment from attacks such as ransomware . Keep the backups offline , test them and have backup duplicates . 9 . ENDPOINT PROTECTION Antivirus software is just one of the many ways to secure network endpoints . Anti-malware , anti-spyware and firewall software should also be installed to detect and eliminate threats before they become problematic . 10 . INCIDENT MANAGEMENT PLAN Having a plan for how to handle incidents will help mitigate loss in the long run . At the very least , staff have to be trained to recognise a data breach and know to whom they should report the breach and when .

?

20 intelligent
. tech
Intelligent SME . tech