5 tips for SME cyber-resilience

Features Posted 16/03/22
Tribeca Technology's CEO and founder Mark Instance identifies the cyber threats for SMEs and offers his top tips for resilience

As children, the invisible threats of our imaginations kept us awake at night. The monster under the bed or lurking in our bedroom shadows; we were convinced something was out to get us. As grown-up business executives, the threats that keep us awake at night are still invisible, but they certainly aren’t imaginary. Cybercriminals are the new monsters, and they really are out to get us.

According to the government’s 2021 Cyber Security Breaches Survey, almost 40% of businesses reported cyber security breaches in the previous year. Two of the most common security concerns for SMEs are ransomware attacks and Business Email Compromise (BEC). These examples of cyberattacks can be disruptive and incredibly costly, both in direct financial terms and reputationally.

Ransomware explained

Ransomware is a type of malware designed to prevent you from accessing your device or the data on it. The device itself may become locked, or the data on it may be stolen, deleted or encrypted. Attackers then demand payment of a ransom to release your device or data, hence the moniker. An infamous example is the 2017 WannaCry attack that crippled the NHS.

What is BEC?

BEC is when your email system is accessed by a third party, often due to compromised credentials. This can be the starting point of fraudulent communication with your clients or suppliers that can lead to payments being made to cybercriminals rather than the intended recipient.

What can your business do to avoid them?

  1. Asset management: Commit to continuous, real-time identification and monitoring of all the IT assets owned by your organisation. Without understanding what you have, you can’t protect it. 

  2. Patch management: Create a robust patch management policy to protect your business. As soon as software vulnerabilities are discovered, cybercriminals work to exploit them, so prompt patching is essential.

  3. Robust endpoint security: Endpoint security is quite often the last line of defence, so make sure you are using a robust solution on your devices.

  4. Multifactor authentication (MFA): Imagine you have a safe full of valuables. Now imagine those valuables are your business's data. The safe is protected with a code. If a thief discovered the code, they could open the safe. Adding another layer of security, as MFA does for your accounts, makes the contents of the safe much more secure.

  5. End-user education & ongoing testing: Awareness of common cybercriminal tactics means your staff can flag anything suspicious and act as another line of defence.

To find out more, visit www.tribeca-it.com/.
