Cyberattacks: How SMEs protect themselves
A clear strategy is needed to protect your own IT infrastructure in the long term. This includes not only technical security measures, but also the human factor.
Cyberattacks no longer affect only private individuals and large companies. Small and medium-sized enterprises are also increasingly being targeted by attackers. They represent attractive targets if they inadequately protect their IT infrastructure due to small IT budgets or a lack of security experts. In addition, many IT managers are busy with the normal operation of the IT infrastructure. SMEs often lack the know-how, time or even both for effective data protection and security.
Cyberattacks on the rise
This is even more true in times of crisis, as the Covid 19 pandemic clearly demonstrated. During the lockdown, working in a home office created entirely new challenges for corporate IT. Criminals used this circumstance for their own purposes. Three times as many incidents were reported to the National Cyber Security Center (NCSC) during certain weeks of the lockdown than before the outbreak of the pandemic.
The attackers' methods range from social engineering to ransomware and phishing. Cyberattacks pose a serious threat to companies' IT systems, applications and data and can have serious consequences. In addition to a temporary failure of systems, data theft or espionage, a loss of trust among customers, damage to the company's image or financial losses can also result from the attack.
Laying the foundation and taking proactive measures
To prevent these scenarios, reliable and efficient storage solutions are essential as a basis for back-up and recovery as well as archiving. They allow short- to medium-term storage and, in the event of a loss, the recovery of data records. However, proactive measures must also be taken to protect the company's own data.
Examples of such proactive measures include cyber security solutions to defend against malware attacks and software for identity and access management (IAM), i.e. for managing identities and their access rights. In combination, they block malicious attacks and protect data stored on servers (local or in the cloud), PCs, notebooks or mobile devices from cyber threats and access by unauthorized users.
7 tips for a solid security strategy
A comprehensive strategy for backup, recovery and archiving as well as the use of cybersecurity and identity & access management solutions are essential components for the security of IT systems and data in small and medium-sized enterprises. SMEs can additionally increase their security with the following measures:
- Prevent shadow ITShadow IT means that employees use applications without the knowledge of the IT department, such as cloud-based services or consumer tools. It increases risk because IT cannot provide support and loses control. Companies can prevent this shadow IT by quickly implementing requests from business departments or by introducing and managing common consumer tools themselves.
- Safety guidelinesSMEs should establish policies that define basic security strategies and practices within the company that employees must adhere to. These include, for example, rules for secure passwords, private Internet use, the use of mobile devices or specifications for backing up data.
- Safety awarenessPeople are considered the weakest link in the security chain. Therefore, companies should educate their employees about the policies, current threats and how to deal with them in training sessions to create security awareness.
- Permanent updatesCompanies should always keep their systems and applications up to date and install updates and the latest security patches.
- Secure connectionsThe firewall of the network and the WLAN router must always be activated, even for employees in the home office.
- Mobile device protection: Mobile devices pose significant security and management challenges. Companies must ensure that their employees' devices are password protected, data is encrypted and security applications are installed to prevent misuse.
- Password management: As part of a comprehensive security strategy, employees should be required to use strong passwords and also change them every three months.
If the solutions described are actively used and the recommendations implemented, SMEs will create increased security for their corporate data without having to invest too many resources. Malware is warded off, unauthorized access to data and the loss of sensitive information is prevented.
Author:
Frank Thonüs is General Manager Switzerland at Dell Technologies.
