Cyber fundamentals for SMEs

Security

by David Sirignano on March 14, 2024

We all know that small and medium sized enterprises (SMEs) are the lifeblood of our economies and I have had the fortune of working to either protect them or their finances for many years now. What is surprising is the number of SMEs who are still either unaware of the risks in today’s digital age, or simply haven’t got the time or resources to protect themselves against increasing cyber and fraud attacks.

SMEs have limited resources but they have valuable data and whilst they don’t always have huge revenues to pay for ransom payments, they are a hugely attractive target for cybercriminals and fraudsters. Understanding and implementing fundamental cyber security practices is no longer optional; it’s essential for the survival and growth of an SME business.

The threat landscape

The cyber threat landscape is growing but some threats are more common for SMEs including phishing, malware and ransomware. However, there is a specific risk around Authorised Push Payment (APP) and Business Email Compromise (BEC) fraud. These attacks can cripple operations, lead to significant financial losses and damage an SMEs reputation.

So what can you do about it? It’s all about basics and awareness!

Here are my four top tips:

1. Employee Awareness and Training

The first line of defence against cyber threats, especially fraud, is your staff. Educate your team on the importance of cyber hygiene. Simple steps like identifying phishing emails, secure browsing practices and not over sharing sensitive information can dramatically reduce your risk. When paying suppliers make sure you double check all details, especially when you or your staff see red flags like changed bank account details, or any mismatch between the banks account destination and where you think your supplier is.

2. Password Hygiene and MFA

Enforce strong password policies across your organisation. Encourage the use of pass phrases and implement multi-factor authentication wherever possible. It’s a simple step that can prevent many attacks. I can’t stress enough how important it is to enable a second factor by simply using a phone app such as google authenticator. This also holds true for anyones personal accounts online. Whatever it is you want to call it – MFA, 2FA, 2-step verification etc…. Just make sure it is enabled.

3. Regular Software Updates

Keeping your operating systems, applications and any other software up to date is crucial. Many cyber attacks exploit vulnerabilities in outdated software. Set your systems to update automatically wherever possible. If you use an IT Service provider to outsource your IT, make sure you have a quarterly service review meeting and make this one of the items to check.

4. Basic Cyber Hygiene

Implement regular data backups to ensure you can restore your information if it’s compromised. This is now super simple in the world of cloud computing. Again if you have an outsourced IT Service provider, make sure they take appropriate backups of your data and that this is properly protected and segmented. If you have remote workers who work from co-working spaces, cafes or other public areas, consider using a VPN.

Cyber security might seem daunting and super technical, but the reality is that for an SME starting with these fundamental practices can significantly protect against common threats. Remember, most cyber criminals go after the ‘low hanging fruit’ and taking these simple steps can create secure environment where your business can thrive. It’s about taking one step at a time.

Cookie	Duration	Description
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_ga_5ZETTGME4T	2 years	This cookie is installed by Google Analytics.
_gat_gtag_UA_51187572_43	1 minute	This cookie is set by Google and is used to distinguish users.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.
CONSENT	16 years 4 months	These cookies are set via embedded youtube-videos. They register anonymous statistical data on for example how many times the video is displayed and what settings are used for playback.No sensitive data is collected unless you log in to your google account, in that case your choices are linked with your account, for example if you click “like” on a video.

Cookie	Duration	Description
IDE	1 year 24 days	Google DoubleClick IDE cookies are used to store information about how the user uses the website to present them with relevant ads and according to the user profile.
test_cookie	15 minutes	The test_cookie is set by doubleclick.net and is used to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	5 months 27 days	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC	session	YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	These cookies are set via embedded youtube-videos.
yt-remote-device-id	never	These cookies are set via embedded youtube-videos.
yt.innertube::nextId	never	These cookies are set via embedded youtube-videos.
yt.innertube::requests	never	These cookies are set via embedded youtube-videos.