Passwords provide access to our digital identities, enabling us to bank online, order products, and communicate with potential customers via social media. A secure password, or even better, two-factor authentication, is therefore crucial for keeping your online identity safe. However, as a business owner, you can do even more to secure your business and keep cybercriminals at bay.
While it’s true that cybercriminals primarily target larger organisations, almost all small and medium-sized businesses are also at risk. This is worrying, as Alert Online 2024, the annual cyber awareness survey commissioned by the Ministry of Economic Affairs in the Netherlands, shows that small businesses are decreasing their focus on robust cybersecurity. The number of smaller SMEs (fewer than 10 employees) that appear to be taking no security measures whatsoever has risen to 30 per cent. This is a serious concern. Businesses that fall victim to cyberattacks are at a greater risk of going bankrupt. It is important for SMEs to take the tips below into consideration and ensure that their companies can withstand cyberattacks.
1. From password to passwordless
We’ve become used to logging in to social media or devices using biometrics (facial recognition) or an email confirmation. But when it comes to workplace authentication, many small and medium-sized businesses continue to use outdated processes.
If your company continues to rely on usernames and passwords, you’re running a significant risk. Hackers use brute force attacks to bypass basic password security (cybercriminals use automated tools to guess passwords). A passwordless solution is secure. Employees log in with an authenticator app, for example, followed by biometric recognition or a PIN on their mobile phone. The advantages of passwordless solutions, or two-factor authentication, include: no passwords to remember, a reduced risk of phishing attacks, increased user-friendliness, and, last but not least, compliance with laws and regulations.
2. Train your employees
The human factor is the primary cause of cybersecurity problems. A large portion of hacks are made possible by employees clicking on links in phishing emails or downloading infected files to company devices. Some employees also use unsecured networks while working remotely.
The solution is employee training. Employees must be kept informed of best practices and regularly reminded of cybersecurity risks. Keep your team continuously involved in the security process, because good security is the responsibility of all employees.
3. Update and patch your network
Any operating system or business application can contain vulnerabilities. The vendor will regularly release patches when vulnerabilities are identified, and it is then the customer’s responsibility to update their software.
The problem, however, is that as soon as developers release patches, cybercriminals also know there’s a vulnerability in the software. These criminals will then try to find companies that use this software and exploit the vulnerability. So, patch immediately.
4. Use an automatic data backup
If you’ve ever been a victim of ransomware, you know that backing up your files, data, and systems has saved you from a major disaster. Having backups means that even if cybercriminals manage to lock you out of your environment, you can simply restore your data and keep your employees working, minimising disruption.
5. Secure all devices
Many employees use multiple devices to do their work. This includes company-owned desktops, laptops, tablets, and mobile phones, as well as their own personal devices. Other technology, such as printers, TVs, IoT devices, and industrial machinery, is often also connected to the internet. This is good for productivity, but it also needs to be monitored, as every connected device can act as a backdoor into your corporate environment. Therefore, ensure effective endpoint security on all devices.
6. Limit access rights
Firewalls and passwords keep most attackers out. But if they manage to get past the defences, they can do almost anything they want. With advanced access controls, you can build more internal barriers and prevent malicious actors from abusing your data. With Zero Trust policies, for example, you can configure access so that people are only allowed to see certain types of content based on their role, the project they’re involved in, or IP address. So even if someone gets past your defences, there’s only so much damage they can do once inside.
