Business Information Security – Cybersecurity Services

How can your SME be protected from cyber attacks?

Katherine Alejandra Saldarriaga Chango // 23 de octubre de 2018

PYME R3 CyberSecurity

According to the statistics of the INE reports, the business fabric is made up of 99.9% of SMEs. These integrate small and medium enterprises with a number of employees less than 250. However, are we aware of the threats to which our SMEs are exposed, if we do not take the corresponding cybersecurity measures?

On the other hand, last year, according to data from the Spanish Observatory of Computer Crimes (OEDI), in Spain there were 81,307 cybercrimes. Being Andalucía, Madrid and Comunitat Valenciana the main objectives. This statistic of cybercrime has not stopped increasing year by year.

Also, a study in the UK, has shown that SMEs are now more likely to be the main target of cyber attackers. This is because they handle personal and confidential data; in addition, its great dependence on computer systems (cloud, mail, etc). That is why it is essential to have a protection plan against computer attacks.

Therefore, in this article we will talk about some tips that will help your company to be protected and / or minimize the impact of possible cyber attacks.

How can I prevent cyber attacks?

Antivirus – Anti Malware protection

It is an obvious recommendation, but it is important to point it out. 80% of victims of cyber attacks, did not have any protection. It is not just about installing any antivirus, it is better to hire a complete security package that protects the computer and malicious networks and is up to date with the updates.

Encrypt important and sensitive data.

Bank accounts and information of our clients and / or employees must be encrypted, because it is precisely what cyber criminals seek. Disk encryption tools are recommended, which are for most operating systems.

Change passwords regularly.

Passwords are the first gateway for cybercriminals. If you have an insecure password, we could say that you are offering the keys to the company to the cybercriminals. Each name and user is an access point for the cybercriminal and take control of the network. The recommendation is to periodically change the passwords, to minimize the access door.

prevention plan R3 CyberSecurity

Control of removable devices.

It is important to use secure devices (USB, CD, DVD, SD Cards), any type of memory that is provided by a Systems administrator. To have an order, know who uses them, where they are, and what they contain. These devices must be used exclusively for the company.

Dispositivos R3CyberSecurity

Sensitize employees.

Educate and raise awareness in our team is something that we can not escape. It is essential that they know and apply the security policy that the company will use. For this, the company can include a clause policy in contracts such as implementing policies for use and access to information to identify the one that can not leave and avoid leaks. Finally, periodically remind the team of these good safety practices.

Protected Network.

Most attacks occur through Wi-Fi networks. The network of the company must be protected, both for external and internal attacks, checking if the internet provider includes a firewall that controls network connections to access the internet. Given this, configure it properly; not to name our network with the commercial name of the company, to avoid the use of WEP encryption and better if we filter the IP or MAC of the devices that can be connected

What should I do if I have an atack on my SME?

1. Implement the prevention plan

The first thing to do is apply the action protocol. If a protocol with preventive security measures has been previously established, executing it would be the most logical option. In this way you can minimize the damage to your company.

 2. Contact the authorities

If you have been a victim of a computer attack, contact them. You are composed of teams of experts that can help you and advise you on how to react.

3. Contact a specialized company.

Companies dedicated to cybersecurity know how to act in this type of situation. They offer services such as forensic analysis that allow to know what is the origin of the attack. They can also advise measures that must be put in place to minimize the damage.

 4. Report the incident

According to the RGPD of the European Union, organizations that manage personal data must notify the attack within 72 hours. This can prevent false profiles from being created with collaborators’ data and crimes with said data.

Katherine Alejandra Saldarriaga Chango | Digital Marketing Assistant en R3 CyberSecurity

Share the post with your friends




Conoce todas las oportunidades profesionales que te permitirán alcanzar tus metas personales.

R3 Ciberseguridad

© R3 CyberSecurity