The latest cybersecurity innovation may be attractive, but many SMEs are still failing to implement basic protection and controls in their business, leaving them vulnerable to what should be trivial and easily prevented attacks. In 2020, SMEs should focus on fundamental cybersecurity hygiene, which represents the best return on investment for small organisations wanting to strengthen their defences.
The smaller size and larger number of SMEs compared to enterprise-sized organisations make wide-scale, low-complexity attacks that rely on economies of scale more profitable for malicious attackers. However, while in many cases these attacks are routine to spot and defend against, many businesses still do not have the basic hygiene measures in place.
“We work closely with our SME partners, and we see that many of them struggle with outwardly simple activities that would greatly help their security and cyber resilience. Whether they lack skills, budget or time, or are limited by legacy design choices or customer requirements, they can often be extremely vulnerable to attacks at scale. Our practical advice comes down to strong non-default passwords, implementing 2FA on critical logins, regular patching, having a firewall and putting malware prevention in place. If those controls aren’t ready, management might need to rethink their priorities, as the risks are increasing at an unsustainable rate.
Specifically, businesses should:
- Immediately stop using default logins and adopt multi-factor authentication.
- Regularly patch software, even if this means taking systems out of use for a short time. Scheduled downtime is preferable to a breach or catastrophic outage from ransomware.
- Back up key data and systems. Data that isn’t backed up will eventually become unavailable.
- Deploy firewalls locally on laptops and PCs, and across their infrastructure. Design the ACLs carefully.
- Have a clear, practical policy on who can access their data – including those gaining access through supply chains.
“If these controls are already in place, businesses could do worse than to take a long, hard look at the risk provided by their supply chain. Alternatively, MSPs are coming into the market that can provide security monitoring and incident response services at a price and scale that is attractive to SMEs. The ability to detect and respond to an attack is a critical next step, once basic hygiene is in place. Lastly, businesses should also consider investing in controls and training to reduce the risk of social engineering.”
Founded in 2002, Memset, based in Surrey, has become a leading UK cloud provider of choice, working alongside customers to deliver exceptional service, robust security and leading-edge technology.
Memset is a managed services provider offering dedicated hosting, virtual private servers and IaaS for scalable cloud, with a portfolio of cyber-security and managed support for critical business IT infrastructure and business transformation programmes.
Memset’s ISO certifications include 9001:2015 for Quality Management, 27001:2013 for Information Security and 14001:2015 for Environmental Management.