SMEs have undoubtedly faced a huge range of challenges through COVID-19 and one that certainly deserves attention is cybercrime. With more employees working remotely, there is a greater risk to organizations. And if businesses want to keep their networks protected against criminals and hackers, they need to practice good cyber hygiene.
Cyber hygiene is often thought of as the digital equivalent of personal hygiene, and perhaps the comparison here is especially apt in reference to the COVID-19 pandemic. Good cyber hygiene consists of the things that businesses do on a daily basis to minimize their risk of falling victim to cybercrime.
Here we look at ten tips to help SMEs improve cyber hygiene through COVID-19 and beyond.
1. Conduct regular risk assessments
COVID-19 has changed a great many things – and cybersecurity is certainly one of them. Far more people are working from home through COVID-19, which widens the potential attack surface for cybercriminals. It is vital, then, to conduct a cyber risk assessment that takes into account the changing digital environment.
2. Get management on board
In 2020, cybersecurity is not something that businesses can leave to the IT team. Good cyber hygiene takes work from the whole of the company – and that has to come from the top down. In SMEs, it is essential that IT staff make management aware of the new dangers posed by cybercrime, and get them on board in helping to create and foster a security-aware culture.
3. Improve employee awareness
Cyber hygiene is the responsibility of the whole company. But employees can’t be expected to do their part without being provided with the right information and training. It is essential that you put a program in place to ensure that all members of the team understand the seriousness of cybersecurity and the vital role that they play in defending the company. And it is essential that this information is regularly updated to ensure it is relevant – many phishing attacks now use issues relating to COVID-19 as the way to lure in unsuspecting employees.
4. Install essential updates
There can be no doubt about it – updates are an essential part of cyber hygiene. And this means updating everything from PCs and servers through to mobile phones and tablets. Any device that interacts with the company network needs to be kept up to date to protect it as far as possible against cyber-attacks, because devices that are not updated are left open to significant vulnerabilities.
5. Control access management
Access management is one of the staples of good cyber hygiene. It refers to limiting the amount of access that each individual account has to data on the company network. Doing so limits the damage of a cyber-attack should criminals be able to compromise an account. Every member of staff should only be given access to the data that they need to do their job. Even administrators and IT specialists should use separate accounts for their day-to-day roles and for administration.
6. Keep backups
Hardly a revolutionary thought, but one that far too many SMEs overlook: backups are essential. An inability to retrieve data could be extremely damaging to the business, so it is vital that this information is backed up. It is a good idea to have online backups as well as offline backups that are not connected in any way to the standard system. This can help minimize the dangers posed by ransomware attacks.
7. Focus on endpoint protection
One of the biggest changes coming as a result of the COVID-19 pandemic is the greater propensity for staff to work remotely. While this has had many benefits for SMEs, it has also widened the attack surface as members of staff are now working from a wider range of endpoints.
“As key vulnerable points of entry to your organization’s network, endpoints represent a significant security risk.” (Redscan)
Additionally, working remotely leaves workers without the protection of the company firewall. It is important for SMEs to focus on endpoint protection.
8. Control remote access
It is now also common to see employees using remote access to do their work through a Virtual Private Network (VPN). Once again, the benefits come with challenges too: businesses must be certain that the remote access of their employees is secure and encrypted.
9. Monitor network activity
As workers begin to return to the office, it is important to monitor network activity. It is suspected that cybercriminals may have been able to access systems over the course of the pandemic so far and may now be simply waiting for workers to return. If the network monitoring picks up suspicious activity, this can be dealt with before cybercriminals are able to strike.
10. Put an incident management plan in place
All SMEs need to have an incident management plan relating to cybersecurity – this ensures that everyone knows what they have to do in the event of a cyberattack. It allows the company to react as swiftly as possible to the situation and minimize potential damage.