How SMEs Can Secure Their IT System: Simple Steps

Written by Christopher Liptau

SMEs frequently underestimate the importance of cybersecurity to their business. It’s often not a question of “if” your company will be attacked but “when”.

Cybersecurity is often overlooked in small and medium-sized companies (SMEs), putting these companies at risk every day. A lack of IT experts, fear of high costs, or even a lack of interest can push checking a company’s IT system down the list of priorities.

But attacks on IT systems happen. They happen every day, around the clock. No organization that uses a computer or a phone is exempt. Attacks on an IT system come from many sides, be it from disgruntled employees within the organization or external actors with bad intent.

These attacks are carried out, for example, through “phishing”, “whaling”, or “spoofing”. A successful attack on an IT system gives fraudsters access to your data, your customers’ data, and other vital company information.

A data breach can have disastrous consequences for any company, resulting in financial loss, loss of reputation, and legal liability.

What are the most common types of cyber threats?

Getting access to an IT system can be easy, and attackers often search for the weak spots in a system before an attack. While not the only access point, email attachments are the most common way that harmful files enter organizations.

Common ways of getting access via email are mentioned below.

Phishing

“Phishing” is when a third party impersonates a genuine source, such as a bank, app store, or email provider, to send fraudulent communications.

Phishing emails tend to look genuine but lead to fraudulent URLs and fake websites, tricking the user into sharing personal data, such as your company’s email log-in data.

Whaling

A special tactic is to target high-level executives, under the assumption that they are too busy to monitor all their emails, leading the target to share sensitive company information and give away their log-in data.

Spoofing

This happens when someone pretends to be a genuine IT system with the intention of stealing your data, and it can be hard to detect.

Ransomware

This is a different kind of threat to your organization and often enters a system with the help of negligent users.

Once inside an IT system, ransomware can lock and encrypt your data, limit access to your files, or leak system data to the outside, forcing the rightful user to pay a ransom to the criminals in order to unlock the data.

Simple steps to protect your firm’s IT infrastructure

It doesn’t take much to start protecting your own system. Here are some practical suggestions you can implement in your company.

Update your systems

A system that is not updated and patched with the latest official updates is vulnerable.

Make sure that your complete system is up to date and run anti-virus and malware protection software.

Add protection

E-mail screening programs and plug-ins work with existing email software and monitor incoming emails.

Other software plug-ins can monitor outgoing traffic and inform you of suspicious activities.

Train your employees

Your employees are the people who use your system every day and often they are unaware of threats.

Send regular threat advisory updates to keep them up to date and give them more knowledge about the various threats to protect your organization.

Do an IT health-check

A full analysis of your business operations, workflow, and internal procedures can help to expose weak spots.

Once the weaknesses are known, you can form your strategy and protect your system.

What to do when your firm has become the victim of IT fraud? 3 quick tips

For the worst-case scenario, where a data breach has taken place, firms should have their response ready.

Start now and speed up your reaction time to minimize the financial and legal liability for your company.

In this situation, some simple steps can be taken that will help you in the event of an IT breach.

Back up your data

Make secure data backups regularly and keep them in a safe location in order to avoid the complete loss of all your data.

Bring in the experts

Trying to hide the fact that you are a victim will not help and might cause even more damage.

Inform your internal or external IT team about suspicious activities and tell them what has been done and what you think has caused the breach. Share all evidence (laptops, mobile phones, etc.) with the IT staff.

Tell your customers

Depending on your location, you might be legally required to inform your customers of a successful IT attack on your system and that their data might have been compromised.

Even if there is no legal obligation for you, coming clean to your customers is often the best option for a company. Inform your customers about how you’re dealing with the situation.

The most effective response policies are tailored to fit the situation faced by each company, individually. External experts are best placed to give valuable advice on how your firm can and should react in order to limit your liability.

The best course of action is to protect your system in advance.

Speak to one of Dezan Shira & Associates’ IT specialists for a consultation on IT security and keep control of your data. They can help you find the weak spots in your system, train your employees, and keep attackers out of your system.

This article was originally published by China Briefing on August 28, 2019 and was re-posted by ASEAN Briefing on September 12, 2019.

About Us

ASEAN Briefing is produced by Dezan Shira & Associates. The firm assists foreign investors throughout Asia and maintains offices throughout ASEAN, including in Singapore, Hanoi, Ho Chi Minh City and Jakarta. Please contact us at asia@dezshira.com or visit our website at www.dezshira.com.