As we enter 2018, the focus for SMEs is on data security and on avoiding attacks such as ransomware and phishing. So, what can small businesses do to protect themselves and the sensitive data they hold for their customers? With GDPR only months away, the ever-increasing threat of a personal data breach is a final wake-up call for those who ignore the glaring consequences.

 

1. Avoid internal data breaches

 

While the main concern for SMEs around data theft and data breaches is outside perpetrators getting into the company network, little attention is paid to internal threats, such as a rogue employee. Every employee who decides to part ways with their employer should be seen as a walking data breach. Remaining employees should have the correct data-access privileges in place, with regular checks to ensure that these are being correctly enforced. Employee audit trails, covering all company data that has been accessed, are also important.

 

2. Be aware of phishing and spear phishing

 

SMEs are not fully aware of such attacks, nor trained to deal with them. It’s not always malware that costs business owners significant financial losses; spear phishing has become increasingly sophisticated and targets specific people within a business, such as accounts personnel. Business owners must ensure all employees are trained to spot a phishing email.

 

3. Employee training on cyber security

 

Even the best policies and processes can be easily undone if they are not followed or understood by employees. Ultimately, even a basic level of knowledge and awareness could mean the difference between being hacked and avoiding the risk altogether. Start a staff training and awareness programme ASAP.

 

4. Deploy adequate anti-malware solutions

 

Malware is a blanket term that encompasses any software that gets installed onto a machine to perform unwanted tasks for the benefit of a third party. Ransomware is one type of malware, but others exist, including spyware, adware, bots and trojans.

To prevent malware from taking hold, businesses should invest in solid anti-virus technology. Furthermore, operating systems, firewalls, firmware and the anti-virus software itself must be kept up to date. If services are outdated or not updated regularly, businesses are at serious risk.

 

5. Ensure all systems are patched and up to date

 

In a digital era where vulnerabilities are constantly being exploited, older systems such as Windows XP, Windows 8 and Windows Server 2003 are continuously under attack because Microsoft no longer supports or updates them. Many businesses hadn’t installed the update when WannaCry hit. The consequences of that delay were very costly. Even for newer systems, a patch management plan is the ideal place to start for 2018.

 

6. Bring your own device (BYOD) policy implementation

 

Businesses are vulnerable to data theft, especially if employees are using unsecured mobile devices to share or access company data. The solution is nailing down a defined BYOD policy. A comprehensive BYOD policy educates employees on device expectations and allows companies to better monitor email and documents that are being downloaded to company-owned devices.

The message is loud and clear for SMEs in an increasingly security-conscious era. Ensure your policies, processes and procedures are up to date and employees are fully informed. Most of all, ensure you have adequate backup and disaster-recovery plans in place.

 

Below: David Waldron, from the Irish SME Association, meets the former Tánaiste Frances Fitzgerald and Ivan-Archer from CloudStrong, at the 2017 ISME Annual Conference.