Smaller organizations must focus on basic cyber security hygiene this year…
- Published: Tuesday, 14 January 2020 09:22
The latest cyber security innovations may be attractive, but many small and medium-sized organizations are still failing to implement basic protection and controls, leaving them vulnerable to what should be trivial and easily prevented attacks. In 2020, such organizations should focus on fundamental cyber security hygiene, which represents the best return on investment for smaller organizations wanting to strengthen cyber resilience.
Thomas Owen, Head of Security at Memset, commented: “We work closely with our small and medium-sized enterprise (SME) partners, and we see that many of them struggle with outwardly simple activities that would greatly help their security and cyber resilience. Whether they lack skills, budget or time, or are limited by legacy design choices or customer requirements, they can often be extremely vulnerable to attacks at scale. Our practical advice comes down to strong non-default passwords, implementing 2FA on critical logins, regular patching, having a firewall and putting malware prevention in place. If those controls aren’t ready, management might need to rethink their priorities, as the risks are increasing at an unsustainable rate.”
Specifically, organizations should:
- Immediately stop using default logins and adopt multi-factor authentication.
- Regularly patch software, even if this means taking systems out of use for a short time. Scheduled downtime is preferable to a breach or catastrophic outage from ransomware.
- Back up key data and systems. Data that isn’t backed up will eventually become unavailable.
- Deploy firewalls locally on laptops and PCs, and across their infrastructure. Design the ACLs carefully.
- Have a clear, practical policy on who can access their data – including those gaining access through supply chains.
Owen continues: “If these controls are already in place, businesses could do worse than to take a long, hard look at the risk provided by their supply chain. Alternatively, MSPs are coming into the market that can provide security monitoring and incident response services at a price and scale that is attractive to SMEs. The ability to detect and respond to an attack is a critical next step, once basic hygiene is in place. Lastly, businesses should also consider investing in controls and training to reduce the risk of social engineering.”