Understanding cybercrime is not in the purview of most SMEs?
We live, work, communicate, play and shop in this arena, but in most cases we know little about the digital world where all that happens.
We know that we need computers, phones and tablets to make business easier, faster and more competitive. But we have little understanding of the underlying systems that make it all work.
The bad guys (hackers, script kiddies and hacktivists) know this, and they leverage it to perform attacks on anyone and everyone who is connected to the internet.
As an SME, what can you do about it?
Here are 4 things that will drastically improve your cybercrime prevention strategies.
Manage the risk!
Not everything inside your organisation needs to be protected like the keys to the kingdom, Fort Knox or the crown jewels. There are many facets of an SME where the information is readily available.
There is also information that needs to be protected.
- Financial information – bank accounts, credit card details, transfer requirements
- Personal Identification Information (PII) – any information that can personally identify you, your clients or your staff and could be used to create major problems
- Intellectual property (IP) – trade secrets, anything that would put your organisation at a disadvantage if your opposition got hold of it.
Back it up!
This comes second because you first need to know what risk is associated with what data, and that association needs to be documented. That tells you how important it is to have other copies of the information.
In the case of a ransomware attack, only 2 courses of action are available for critical data: have an alternative copy or pay the ransom. You really do not want to be in that situation. The problem with ransomware is that you soon find out that the information used for the everyday running of the business becomes highly critical.
The number of times we have been called into an organisation that is not a client and does not have a viable backup has become ridiculous.
If you are going to have a backup, you also need to know whether it will work: turn off the computer and do a test restore. If it recovers, then OK. If not, what happened, what are we missing, what did you miss?
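One way to answer "what are we missing?" after a test restore is to compare the restored files with the data they were backed up from, file by file. The script below is an added example, not the author's own tooling; the folder names and file contents are constructed samples, and it assumes the source data has not changed since the backup was taken.

```python
import hashlib
import tempfile
from pathlib import Path


def manifest(root):
    """Map every file under root (relative path) to its SHA-256 digest."""
    root = Path(root)
    digests = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            h = hashlib.sha256()
            with path.open("rb") as fh:
                for chunk in iter(lambda: fh.read(1 << 20), b""):
                    h.update(chunk)
            digests[path.relative_to(root).as_posix()] = h.hexdigest()
    return digests


def verify_restore(source, restored):
    """Report what a test restore is missing compared with the source data."""
    src, dst = manifest(source), manifest(restored)
    report = {
        # In the source but not restored: never backed up, or lost in the restore.
        "missing": sorted(src.keys() - dst.keys()),
        # Restored with different content: corrupt copy, or changed since backup.
        "differs": sorted(f for f in src.keys() & dst.keys() if src[f] != dst[f]),
        "extra": sorted(dst.keys() - src.keys()),  # deleted or renamed since backup
    }
    report["ok"] = not (report["missing"] or report["differs"])
    return report


def demo():
    """Constructed sample: a live folder and a restore with two problems."""
    with tempfile.TemporaryDirectory() as tmp:
        live, restored = Path(tmp, "live"), Path(tmp, "restored")
        for folder in (live / "finance", restored / "finance"):
            folder.mkdir(parents=True)
        (live / "finance" / "ledger.csv").write_text("2024-01-01,invoice,100\n")
        (live / "clients.db").write_bytes(b"\x00client-records\x01")
        (live / "notes.txt").write_text("supplier contacts\n")
        (restored / "finance" / "ledger.csv").write_text("2024-01-01,invoice,100\n")
        (restored / "clients.db").write_bytes(b"\x00client-rec")  # truncated copy
        return verify_restore(live, restored)  # notes.txt was never backed up


if __name__ == "__main__":
    print(demo())
```

For real use, call `verify_restore` with the path of the original data and the path the test restore was written to, and treat any entry under `missing` or `differs` as a backup that is not yet viable.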
Make passwords worth it!
We all hate, loathe and detest passwords, but they are a necessary evil in today’s digital world. Passwords have to have the following characteristics:
- Length – the longer the better but they have to be more than 9 characters (no matter the site)
- Complex – they have to have characters, capitals, numbers and symbols
- Unique – every site needs to have a different password.
Train them well!
The digital world is a complex environment and most of us forget how easy it is to get lost and confused. Regular training (as an onboarding process, as a refresher course, as signs, messages and emails) is vital to keeping cyber security, business security and cybercrime at the forefront for all business employees.
Getting these four ideas in place, along with the right technology, management and resilience components, makes your SME more secure than most others. It moves you out of the low-hanging fruit and puts you in a better place to protect your clients, organisation and staff.
Roger Smith is the CEO of R & I ICT Consulting Services, Lecturer at ADFA (UNSW – Australian Centre of Cybersecurity), Amazon #1 selling author on Cybercrime, author of the Digital Security Toolbox and the SME Digital Security Framework. Rapid Restart Appliance Creator. He is a Speaker, Author, Teacher and Educator on cybercrime and how to protect yourself from the digital world.