By Dillon Gray
There are a multitude of cyber security controls that businesses can implement and leverage to protect against cyber threats, but we’ve selected five of the best that are ideal specifically for SMEs.
In today’s digital, data-driven economy, cyber security is the foundation of any strategy because cyber threats are increasing in volume and in sophistication.
SMEs don’t always have the budget and resources at hand to defend themselves. Information is invaluable to the business leader, especially details that can end up saving thousands - if not millions of Rands!
But it is important to keep perspective and many tech vendors paint a very bleak picture to trigger a response from the market and a rush on to purchase solutions.
With these controls in place, businesses are generally considered to have done the best they can to protect themselves.
The first cyber security control is user access control.
In South Africa, the average length of time to identify a data breach is 177 days, globally it is 207 days… you could argue that South Africa is a bit more security conscious than other regions. But why does it take 177 days? There is a misconception about hackers, that they are masked figures acting alone somewhere unknown – this is simply not the case. Today’s hackers are sophisticated, work in syndicates and use the latest technology, like AI, to target a broad base simultaneously.
Once they have access to your environment, they won’t initiate attacks straight away.
No, they are going to do their homework, they are going to study their target and find out if its viable, whether or not they will get a return on their investment of time and skills.
It is vital to routinely authenticate users before granting access to applications or devices, using unique credentials, make sure to have an off-boarding process implemented to deactivate accounts of employees who leave, for example.
Organisations can implement two-factor authentication, that user admin accounts are used to perform admin activities only, and remove or disable special access privileges when not required.
The key thing here is to make sure you know who is logging into your environment and can you identify them?
Control number two is Secure configuration
It’s very easy to rely on the purchase of new software, for example, and believe you are now fully protected.
The problem is you haven’t changed the default settings, all know what that default settings are – so you’re not safe at all! You must remove any unnecessary user accounts, on any device accessing the network. If it’s unnecessary, then remove it!
It’s important that businesses do not allow employees to install software that is not critical to fulfilling their function in the business – the more software components, the more patching required, and the higher the security risk.
Disable auto-run features, those without user authorisation. Every single person must be authenticated before they are granted access – especially in terms of financial information.
Control number three – Patch Management
Many businesses struggle with this one because most are under the misunderstanding that ‘the IT guy’ will take care of this!
In the IT world, that guy is fighting fires 99% of the time, so something like patch management will slip through the cracks. You need to automate this (patch management) as best as possible, there are tools available, third-party tools… we have a whole workflow that automates this for our customers, from the servers to the switches to the firewalls down to the physical laptops and end-user devices. Whatever software you are running in your environment must be licensed and supported.
Fourth control – Firewalls
The firewall is critical because it is your access point into your network.
It protects you from the outside, but it also protects people on the inside from accessing malicious content,.
Key aspects to bear in mind: change any default administrative password to an alternative – using best practices – or disable remote administrative access entirely, block unauthenticated inbound connections by default, ensure inbound firewall rules are approved and documented by an authorised individual; and use a host-based firewall on devices that are used on untrusted networks, including public Wi-Fi hotspots.
And control number five - Malware
To simplify this control area – a minefield of acronyms, there are some points to keep in mind, including keeping software up to date with signature files updated at least daily.
Anti-virus is a well-known term, but that is one component – there are many enhancements on anti-virus, like EDR, MDR, and XDR.
Traditionally an anti-virus downloads a signature file to your device and then any file coming into your device will be compared to the signature file. If it is listed in the signature file, then it is deemed to be malicious - so the signature file is really a list of all the bad stuff.
It is critical to configure software to scan files automatically upon access, ensure software scans web pages automatically when they are accessed through a web browser, and ensure software prevents connections to malicious website.
The last line of defence – if all else fails – consider data protection and backup. Factor in automation, incremental and differential backups, encryption and multiple backup destinations.
Dillon Gray is the COO at IPT.
BUSINESS REPORT