VSE / SME: 8 Tips To Avoid Cyberattacks
A common misconception: “Small businesses have nothing to fear from cybercriminals; they only attack large entities.” However, it turns out that 43% of cyberattacks target SMEs*. Small and medium-sized businesses are also prime targets because, just like larger companies, they have data that can be stolen and resold on the dark web. In addition, these companies can act as a gateway to reach a larger company.
Remember that a cyberattack can have devastating effects on a company. Whether through phishing, ransomware or malware, your business is at significant risk. Some companies have had to close their doors due to cyberattacks. It is therefore essential for VSEs and SMEs to adopt the right actions to protect their data and implement a cybersecurity strategy.
Here Are Eight Tips You Can Apply Right Away To Avoid Cyberattacks:
Create Strong Passwords
The success of cyberattacks is mainly due to users choosing passwords that are too simple. Here are some tips to strengthen your passwords and thus further secure your different accounts:
- Avoid anything related to your life (family member, date of birth, etc.). This information is easily found, especially on your social networks.
- Do not reuse the same password, even if you make a slight variation. Use one password per account. If you are worried about not remembering them all, you can use a password manager (Dashlane/Dashare/KeePass).
- Passwords that are not long enough are considered too weak. For this reason, a minimum number of characters is required (ideally 12 characters), with mandatory character types (capital letters, numbers, letters, and special symbols).
- Google gives different ideas for creating a long password: lyrics taken from a song, a series of words that make sense to you, or an abbreviation formed from the first letter of each word in a sentence.
- Do not use common words or sequences: “azerty”, “abcd”, “1234”…
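The rules above can be checked automatically before a password is accepted. The following is an added example, not part of the original article: the function names, the look-alike substitution table and the sample values are assumptions, and the previous passwords are assumed to come from the user's own password manager, not from a server-side store.

```python
import re

MIN_LENGTH = 12  # the article's recommended minimum
# The article's own examples; a production deny-list would be far longer.
COMMON_SEQUENCES = ("azerty", "abcd", "1234")
CHARACTER_CLASSES = (r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z0-9]")
# Undo common look-alike substitutions (0->o, 1->l, 3->e, 4->a, 5->s, 7->t, ...).
LEET = str.maketrans("013457@$!", "oleastasi")


def skeleton(password):
    """Reduce a password to its base word so slight variations compare equal."""
    base = re.sub(r"[\d\W_]+$", "", password.lower())  # drop trailing digits/symbols
    return re.sub(r"[^a-z]", "", base.translate(LEET))


def check_password(candidate, personal_info=(), previous=()):
    """Return the list of rules from the article that `candidate` breaks."""
    problems = []
    lowered = candidate.lower()
    plain = lowered.translate(LEET)  # "m@rie" becomes "marie"
    if len(candidate) < MIN_LENGTH:
        problems.append("shorter than 12 characters")
    if not all(re.search(cls, candidate) for cls in CHARACTER_CLASSES):
        problems.append("missing a character type")
    if any(seq in lowered for seq in COMMON_SEQUENCES):
        problems.append("contains a common sequence")
    tokens = [t.lower() for t in personal_info if len(t) >= 3]
    if any(t in lowered or t in plain for t in tokens):
        problems.append("contains personal information")
    base = skeleton(candidate)
    if any(candidate == old or (base and base == skeleton(old)) for old in previous):
        problems.append("variation of a previous password")
    return problems


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    print(check_password("Summer2024?", previous=["Summer2023!"]))
    print(check_password("M@rie-1987-Paris", personal_info=["Marie"]))
    print(check_password("my cat naps on 3 warm Radiators!"))
```

The variation check only catches a changed suffix or look-alike characters around the same base word; it does not measure how guessable a password is.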
One Password Is Good; Two Is Even Better!
Having a strong password does not guarantee optimal security. Cybercriminals have many tricks to steal your login information. To increase your security, you can now use multi-factor authentication. It’s a fancy name, but you may already know this function, especially for bank payments. This is an additional barrier.
It could be:
- Either a requested code that is sent to another of your accounts (an email address or your mobile)
- Or a connection alert: you are informed when a new device connects. If you receive an alert for a connection that was not yours, escalate the issue to your IT or security team and change your password.
Don’t Delay Updating!
Updates improve software and correct certain flaws, particularly security flaws. Take the time to install these updates, because cybercriminals use flaws in software and configurations to attack. Ensuring good management of updates gives you more peace of mind and better protection daily.
Install A Professional Antivirus And Firewall
A professional firewall and antivirus are essential equipment for a company today. The firewall makes it possible to detect and counter all malicious actions coming from the outside. Antivirus provides additional protection. As its name suggests, it identifies and removes internal and external viruses and malicious software.
To improve your security, you can also equip yourself with an anti-spam solution. This software lets you secure your mailboxes and automatically delete unwanted emails. However, regularly updating your various equipment is essential to ensure proper functioning.
Make Your Employees Aware Of Various Threats
Did you know that 90% of cyber incidents are related to human error**? Good security equipment is essential, but you must make your team aware of cybersecurity to optimize your security. Humans play a crucial role in cyber defense strategy. Through negligence or ignorance, one of your employees may click on a malicious link from a phishing email and install malware on your network.
Or they may respond to an email impersonating a person in the company, a manager or a partner, and transmit confidential data (bank details, customer list, etc.). Therefore, your company needs to implement a cybersecurity learning and awareness strategy. This way, your employees can recognize possible cyberattack methods, report them and adopt the correct behavior.
Schedule Regular Backups Of Your Data
Your business has fundamental data. In addition to an antivirus and a firewall, it is necessary to have a backup solution to protect it. The goal is to periodically make a copy of the data on one or more other media. In the event of a breakdown or cyberattack, a backup will allow the company’s data to be quickly restored. We recommend the 3-2-1 rule: 3 copies of your data, stored on two different media, including one off-site copy. We also advise you to make regular backups to keep data loss to a minimum.
Control Your Network
Before monitoring your network, it is necessary to know what to watch. To protect it optimally, you must list everything that composes it, whether computers, security cameras, smartphones, printers, etc. All the devices present on your network constitute a risk.
Once your hardware has been accurately mapped, you should appoint a responsible employee to monitor network activity and report suspicious or dangerous behavior. Network monitoring should be continuous so as not to miss any intrusion or other security problems.
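Once the inventory exists, comparing it with what is actually on the network can be automated. The following is an added example, not part of the original article: the inventory format, device names and addresses are constructed, and the observed devices are assumed to come from the neighbour table printed by `ip neigh show` on a Linux host.

```python
import csv
import io
import re

# Constructed inventory: one row per device you have listed, keyed by MAC address.
INVENTORY_CSV = """mac,name,type
00:11:22:33:44:01,reception-pc,computer
00:11:22:33:44:02,lobby-camera,security camera
00:11:22:33:44:03,office-printer,printer
"""

# Constructed neighbour table in the format printed by `ip neigh show` on Linux.
NEIGH_OUTPUT = """\
192.168.1.10 dev eth0 lladdr 00:11:22:33:44:01 REACHABLE
192.168.1.20 dev eth0 lladdr 00:11:22:33:44:02 STALE
192.168.1.57 dev eth0 lladdr 02:AA:BB:CC:DD:EE REACHABLE
192.168.1.99 dev eth0 FAILED
"""

NEIGH_LINE = re.compile(r"^(\S+) dev \S+ lladdr ([0-9A-Fa-f:]{17})\b")


def load_inventory(text):
    """Map normalised MAC address -> device name."""
    return {row["mac"].strip().lower(): row["name"]
            for row in csv.DictReader(io.StringIO(text))}


def parse_neighbours(text):
    """Map normalised MAC address -> IP; entries without a MAC (FAILED) are skipped."""
    seen = {}
    for line in text.splitlines():
        match = NEIGH_LINE.match(line.strip())
        if match:
            seen[match.group(2).lower()] = match.group(1)
    return seen


def reconcile(inventory, seen):
    """Return (unlisted devices as (ip, mac), listed devices not currently seen)."""
    unknown = sorted((ip, mac) for mac, ip in seen.items() if mac not in inventory)
    missing = sorted(name for mac, name in inventory.items() if mac not in seen)
    return unknown, missing


if __name__ == "__main__":
    unknown, missing = reconcile(load_inventory(INVENTORY_CSV),
                                 parse_neighbours(NEIGH_OUTPUT))
    print("Not in inventory:", unknown)
    print("Listed but not seen:", missing)
```

A neighbour table only shows devices on the same network segment, and MAC addresses can be changed or randomised, so an empty "not in inventory" list is a starting point for monitoring and not proof that nothing unlisted is connected.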
Anticipate The Cyberattack
It is essential to remember that, despite using preventive cybersecurity equipment, a company can never be 100% protected. It may be the victim of a sophisticated computer attack from a new hacking technique. Therefore, preparing yourself to deal with it is in your best interest. Two essential processes will allow you to survive or limit the impact of an attack or hardware failure, technical failure or other incidents that could alter the company’s operation: the BCP and the DRP.
- The Business Continuity Plan (BCP) is the set of measures that guarantee the continuity of your company’s IT services and systems in case of a breakdown or incident. It is a plan that will help better manage the situation during the crisis.
- The Disaster Recovery Plan (DRP) is the set of measures ensuring the resumption of activity of your computer system in the event of an incident within a given time frame.