Giuseppe Brizio, CISO EMEA, Qualys, tells us how SMEs can bolster their data security.
SMEs often have to walk a fine line between investments in technology solutions that are critical to the business (ERP solutions, CRM systems, financial tools, etc.) and those that can protect the organisation from cyberattacks. Often SMEs choose to prioritise the former, which is fine if it is just for a short period of time. But given that a cyberattack is a matter of when, rather than if, it’s definitely not worth remaining exposed for the long run as it can truly jeopardise the entire SME business with potentially unrecoverable financial consequences.
SMEs are often under the misconception that they aren’t high-value targets for hackers and, as such, immune to cyberattacks. But the truth is that they might become a relatively ‘easy’ entry point for a cyberattack aimed at compromising a larger company that the SME does business with. In today’s globalised and interconnected world, and particularly given that most of the large enterprises have sophisticated security defences, attackers have started looking at an organisation’s entire value chain in order to identify and attack its weakest link.
For SMEs looking to shore up their cybersecurity defences, it starts with addressing the human factor, which is the most exploited vulnerability that hackers take advantage of. This means training employees about security policy such as password management (using complex passwords, changing passwords often, using unique passwords, etc.) and cybersecurity, educating them about how to recognise cyberattacks and avoid falling into cyber traps such as phishing and social engineering. This is not just a one-off session, but actually an ongoing training programme to make employees aware of newly arising cybersecurity risks and ensure discipline in protecting company data.
In today’s age of Digital Transformation, there is more exposure to IT security risks than ever before, but by the same token, there are also several affordable new technologies that SMEs can adopt to secure their IT environments and protect their data.
Cloud computing for instance, through a reliable Cloud Service Provider (CSP), gives SMEs an opportunity to step up their IT and cybersecurity while maintaining financial flexibility and without having to burden in-house resources, compared with deploying and managing IT solutions in house.
To safeguard user access, two-factor authentication provides a further level of security, usually requiring users to input a PIN code (or similar sent to the user’s registered smartphone) in addition to username and password to gain access. This limits the risk of an intruder gaining unauthorised access in case username and password are compromised.
Regular backup of company data is an essential last line of defence against the more frequent ransomware criminal acts which can, at best, disrupt and, at worst, destroy a company’s business.
Finally, the utilisation of scalable IT technologies for continuous security purposes – particularly ones that are able to provide visibility on the vulnerability surface and assess the risk exposure and security posture – is essential to prevent and effectively respond to cyberattacks in order to protect company data and IT assets.