NordVPN Teams, a provider of cloud-based VPN for business, has offered advice to SMEs looking to bolster the security of their company data.
Juta Gurinaviciute, Chief Technology Officer at NordVPN Teams, said: “It is frightening to see such important economic drivers lagging behind when it comes to adopting strategies for fighting threats.
“Today, SMEs can be considered the new big target for attacks, yet cybercrime prevention is often neglected within their environment. With millions of employees working remotely, workers are accessing company data without the safety of a fortified corporate network. This has made them easy targets for hackers and scammers.”
NordVPN Teams has outlined steps SMEs can take to protect their company data:
- Risk assessment. The main assets your company has and the threats it faces should be identified and prioritised.
- Security training. General security policies need to be drawn up and implemented and staff have to be appropriately trained ad-hoc, whether remotely or in person.
- Devices. Laptops and mobile devices must be secured with strong passwords or biometric identification. Devices should operate on a platform that can be remotely tracked and deactivated in the event of loss, theft, or any other misuse.
- Passwords. Employee passwords should be unique and changed regularly. The use of a password manager is imperative to prevent password leaks while using emails or other critical applications.
- Remote access. Only secure virtual private network (VPN) connectivity should be allowed for remote access. In addition, only whitelisted IP addresses or device IDs should be allowed to access systems, as this will allow access to authorised users only.
- Treat every email with zero trust. Because of the remote work environment, the amount of information exchanged over the Internet through virtual conferences and emails has skyrocketed. Establish a process that enables employees to report anything suspicious and share regular updates and information about phishing emails.
- Updates. Keeping everything, including servers, workstations, smartphones and others, up to date is key to cyber hygiene. Applying security updates is part of this process. Ideally, it has to be automated to a certain degree and the updates can be tested in a testing environment.
- Backups. Having backups is vital prior to installing updates. This will also protect the environment from attacks such as ransomware. Keep the backups offline, test them and have backup duplicates.
- Endpoint protection. Antivirus software is just one of the many ways to secure network endpoints. Anti-malware, anti-spyware and firewall software should also be installed to detect and eliminate threats before they become problematic.
- Incident management plan. Having a plan for how to handle incidents will help mitigate loss in the long run. At the very least, staff have to be trained to recognise a data breach and know to whom they should report the breach and when.