Common cyber threats facing small and medium businesses, including startups, are malware, viruses, ransomware, and phishing. Here are seven best practices to prevent them.
Heaptalk, Jakarta — Cybersecurity issue is not only a concern for large companies but also for small and medium companies since the risk of threats can be devastating. The United States Small Business Administration (SBA) mentions the typical cyber threats facing small and medium businesses, including startups, namely malware, viruses, ransomware, and phishing.
Fortunately, all of these cyber threats can be overcome. Some types can be handled more easily than others, but still, require effort and focus by the team involved. Founder and CEO of AaDya Security Raffaele Mautone revealed some of the basic things startups can do to protect their virtual environments that have been the target of recent cyber threats, cited from Startup Nation.
-
Assess current defenses
To start with, companies can take an assessment of the current IT security defenses. There are several basic things to check whether it has been fulfilled or not, spanning firewalls, security applications and software tools for cybersecurity, company security standards, plan in the event of a breach, areas to consider employing the help of an external service provider, and the most vulnerable areas.
-
Update system and software
Many software updates contain essential security patches. The sooner companies implement it, the better. If there is no IT manager, companies should designate a key person to communicate with the rest of the team when updates are available and ensure they run them.
-
Take advantage of password managers
Weak and reused passwords can easily be guessed by hackers who create entry points into corporate systems and applications. Companies are advised to use a password manager to generate, store, and audit password health.
-
Protect accounts with multifactor authentication
Multifactor authentication can keep criminals away from enterprise applications by requiring some form of authentication which always includes several combinations of something you own (a device or bank card), something you know (a password or PIN), and something about yourself (a biometric like a face or fingerprint). Most applications will allow companies to enable this in the security settings. If possible, it is recommended to use a third-party authenticator app over the texting method (SMS).
-
Protect endpoints
Part of a good multi-layered approach to cybersecurity is ensuring the endpoints are protected. Better known as antivirus software, more sophisticated versions of endpoint protection and response (EDR) adopt new technologies, including machine learning. EDR goes beyond traditional antivirus protection as it can detect changes in the system or user behavior and quarantine anything suspicious to reduce potential cyber threats.
-
Train the team to detect suspicious links and emails
User behavior remains one of the most common reasons for business violations. Companies should make sure everyone in the organization, from the leadership team down, understands the importance of thinking before clicking or responding to requests. Phishing attacks can come in many forms, for example, emails from bosses asking for bank information and fake texts from Amazon. The goal, surely, is to get the recipient to click on a malicious link or provide proprietary information.
-
Ensure cybersecurity practices evolve with startups
As a business takes off, exposure increases, making it a more attractive target for hackers. Therefore, startups have to make sure not to neglect cybersecurity as the company grows. As budgets increase, companies should prioritize investing in more sophisticated cybersecurity tools and practices. Leveraging more comprehensive software and services from external service providers can also be considered to strengthen cybersecurity.