With constant surges in cyber threats targeting SMEs, firms that have been neglecting tightening cybersecurity can benefit from the following tips.

To small business owners faced with the responsibilities of production economics, financial reports and marketing all at the same time, cybersecurity can often appear complicated and, at times, a severe burden.

However, this is exactly why cybercriminals target such small- and medium-sized organizations (SMEs).

To prevent such losses, SMEs can take heed of some tips from Kaspersky, whose researchers have collected data on the most frequent attacks on small businesses around the world and found a significant increase in the total number of attacks between January and April 2022.

SME cybersecurity tips

A small business’ first cybersecurity front begins with its employees. The information that they have access to can vary from financial information or customer data to the secrets of their company’s development. Cybercriminals are aware of this, which is why most attacks on companies are conducted through its employees, who are often untrained in the cyber-risks associated with their role.

Starting with this fact as a base, the following tips and trends will be useful:

  • Provide staff with basic cybersecurity hygiene training as many targeted attacks start with phishing or other social engineering techniques
  • Use a protection solution for endpoints and mail servers with anti-phishing capabilities to decrease the chance of infection through phishing emails
  • Protect all work devices, including computers and mobile phones with value-added software protection solutions designed to help protect startups and SMEs that even small businesses with limited IT resources can afford
  • Take key data protection measures. Always safeguard corporate data and devices, by using password protection, encrypting work devices and ensuring data is backed up regularly.
  • Keep work devices physically safe: do not leave them unmanaged in public; always lock them and use strong passwords and encryption software
  • Send IT staff for advanced security training to keep them up to date with the latest cyber threats. Through continual training and education, they will be able to analyze how threats may hit their particular organization and adapt technical and organizational cybersecurity measures accordingly, helping avert additional costs related to breaches of their corporate systems
  • Ensure that the IT infrastructure is equipped with the right security solution to enable attack visualization and incident analysis. The faster an SME can analyze where and how an incident occurred, the better it can manage any negative consequences
  • Have a incident response plan in place to mitigate an cyber event—this is particularly true if a threat infiltrates the system and goes undetected—which is entirely possible if network monitoring and automated threat detection mechanisms are not in place.

Finally, according to Denis Parinov, Security Researcher, Kaspersky: “For small companies today, it is not a matter of whether a cybersecurity incident will happen but when. Having trained staff and an educated IT-specialist is no longer a luxury but a must-have part of your business development.”