Cyber Security for SMEs - Practical Approach

Defendza, a cyber security firm specialising in cyber security consulting and managed services, offers a five-point quick-help cheat sheet to help SMEs tackle the most common cyber-attacks.

Cyber security. Business meetings hardly run without some thought given to this subject, and rightly so when your business operations could collapse within a matter of hours.

A lack of oversight leaves organisations wide open to cyber-attacks: data breaches, supply chain attacks, or a network-wide compromise that goes undetected for months. From essential office equipment such as printers and scanners to mobile devices and laptops, nothing is immune to cyber-attacks. With increasing connectivity through the Internet of Things and similar technological advances, cyber security is becoming a complex challenge for safer lives ahead.

Cisco Cyber Security Special Report 2018 flagged up the main points:

  • 53% of SMEs experienced a breach
  • up to 5000 average number of security alerts
  • SMEs investigate 55% of security alerts

New statistics from government show that over four in ten of all UK businesses and two in ten charities suffered a cyber breach or attack in the past 12 months. Among smaller firms, around 42% identified at least one breach or attack in the past 12 months, which could impact profits and reduce reputational trust.

The majority of these attacks originate from a very common attack known as phishing. These consist of fraudulent emails from cyber criminals impersonating an organisation, which attempt to prompt staff into revealing sensitive information such as passwords or financial information, or into running malicious files sent as attachments.

Small businesses can raise their basic defences and make life difficult for attackers by enrolling in the Cyber Essentials initiative and following regular cyber hygiene practices. The UK government, along with industry support, launched this scheme with the goal of helping organisations protect themselves against common cyber-attacks. The basic level, ‘Cyber Essentials’, involves completing a self-assessment questionnaire that is reviewed by an external certifying body before the certification is awarded. The second level, known as ‘Cyber Essentials Plus’, involves tests of the organisation’s systems that are carried out by an external certifying body.

There is no absolute failsafe. If anyone says there is, they don’t understand risk management. But Defendza’s offering to SMEs is aligned with government-backed, industry-supported Cyber Essentials, giving you absolute confidence that we’re 100% committed to your security.

Five Steps to SME Cyber Security 

Defendza, a cyber security firm specialising in cyber security consulting and training matters, offers a five-point quick-help cheat sheet to help SMEs tackle the most common cyber-attacks. This does not require high investment in shiny new products or expensive consultancy fees.

  1. Passwords

Ensure that password protection mechanisms, such as a passcode rather than a PIN on mobile devices, two-factor authentication, or other authentication methods, are set. If devices support fingerprint, facial or other biometric authentication, the actual password will not need to be entered often, so a long, non-dictionary, difficult-to-guess password should be used.

Change passwords often and encourage staff to use password managers. Network staff, developers and other technical staff should use privileged accounts (used for administration) that are separate from the corporate accounts they use for email and daily tasks.

Change default passwords on all equipment such as network devices, printers, scanners, security devices.

For Windows-based laptops and tablets, ensure that in-built encryption capabilities such as the TPM (Trusted Platform Module) are enabled and configured. Similarly, FileVault can be used on macOS.

  2. Malware Protection

Malware damage can not only interrupt business operations but also render data unusable (ransomware). By following simple techniques, it is possible to protect your organisation from the damage caused by malware. Regularly patch all software on devices, laptops and systems by promptly applying the latest software updates. Use anti-virus as a minimum on all systems and turn on the host firewall to create a boundary outside your network. Encourage staff to follow secure practices when handling sensitive data and downloading content, along with other general security awareness techniques.

  3. Device Safety

Devices used outside the office require more protection than a traditional desktop environment. Ensure that passcodes or biometric authentication are enabled as a minimum.

Use mobile device management solutions to remotely control device configuration in case devices are lost. Encourage staff to avoid free Wi-Fi areas and to use VPN or 4G connections in public places.

  4. Backups

An organisation must be prepared to respond to loss of data from theft, natural disasters, physical or other damage. Identify the relevant data that must be backed up and ensure that regular backups are scheduled. Restore tests should be performed to confirm that the backups are valid.

Consider cloud-based backups where possible. This is a convenient way of backing up because devices can be configured with backup schedules, and the backup data is stored in a secure data centre away from the office and is accessible from anywhere.

  5. Phishing

The human factor is often considered the weakest link in the cyber kill chain. Ensure that your staff are well equipped to distinguish between fake and legitimate information. Scammers use grammatically incorrect text or brand names and words with typos to set up fake websites, which are then used as traps for victims. Always look out for red flags in an email such as spelling mistakes, poor grammar, too-good-to-be-true offers, free software offers and requests to send money. Encourage staff to report suspicious messages and events, and to share good stories.

Ensure that staff don’t browse the web or check email from servers or while using administrative privileges. This will reduce the impact of an attack in the event that user details are stolen.
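The brand-name-with-typos red flag above can also be checked automatically when triaging a reported message. The following is an added example, not Defendza's own code: it compares a link's hostname with a list of domains the business trusts, and the trusted list, substitution table and URLs are all constructed assumptions.

```python
from urllib.parse import urlsplit

# Assumption: domains the business actually deals with (constructed list).
TRUSTED = {"example-bank.co.uk", "examplepay.com", "acme-supplies.com"}
# Common look-alike substitutions, folded away before comparison.
FOLDS = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("5", "s"))


def fold(domain: str) -> str:
    """Normalise visually confusable character sequences."""
    for fake, real in FOLDS:
        domain = domain.replace(fake, real)
    return domain


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance using a rolling row of the DP table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_link(url: str, max_distance: int = 2) -> tuple:
    """Return (verdict, matched trusted domain or None) for a URL."""
    host = (urlsplit(url).hostname or "").lower().removeprefix("www.")
    if host in TRUSTED:
        return ("trusted", host)
    for good in sorted(TRUSTED):
        if fold(host) == fold(good) or edit_distance(host, good) <= max_distance:
            return ("lookalike", good)
    return ("unknown", None)


if __name__ == "__main__":
    # Constructed sample links, as they might appear in a reported email.
    for link in ("https://www.example-bank.co.uk/login",
                 "http://exarnple-bank.co.uk/login",
                 "https://examp1epay.com/invoice",
                 "https://acme-suplies.com/order",
                 "https://news.example.org/"):
        print(link, "->", check_link(link))
```

An "unknown" verdict is not a clean bill of health: the check only catches near-misses of listed domains, so a trusted name used as a subdomain of an unrelated site still needs a human look.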

The above items are ‘good enough’ for a small business to prepare against the most common attacks. However, for medium-sized enterprises we have observed that the demand for our work often comes on the back of our experience within their sector or among their peers. Defendza’s services, aligned with Cyber Essentials, deliver both the certification and expert advice with mitigation help. We don’t just offer continued advisory services; we help you get your own Cyber Essentials qualifications. Using our blend of tools, expertise and business-focused threat mitigation, we ensure your business is cyber resilient.

Just as your home requires adequate physical security measures to discourage thieves, cyber security is very much an ongoing effort to keep organisations safe online. No organisation is immune to attacks, but these measures will certainly improve a small organisation’s preparedness for them. With these measures in place, incident response investigations also become substantially easier in the event of an attack.

Key benefits

  • Protection of key assets such as firewalls, systems, websites and software applications
  • Protect yourself against evolving threats by validating your current assets and preparing mitigation plans
  • Minimise your costs and maximise efficiency by bringing in specialists to advise you on your weaknesses rather than buying expensive products
  • Increased reputation by demonstrating to customers and partners that your business takes Cyber Security seriously
  • Cyber Essentials is now mandatory for organizations bidding for public sector contracts that involve the handling of sensitive or personal information
  • Fast turnaround times for Cyber Essentials (from 24 hours to a few days for Cyber Essentials Plus)

About Defendza (https://www.defendza.com)

Defendza is a specialist provider offering cyber security consulting, training services and managed security services. We deliver a truly independent third-party opinion, unbiased expertise free from any inclinations towards vendor partnerships, reselling objectives or promoting any security products. We pride ourselves in being a partner of choice for our clients and helping with their IT security and compliance requirements.
