Cyber crime in SA is increasing at epidemic proportions, and small to medium-sized enterprises (SMEs) have become key targets.
So says Doros Hadjizenonos, sales manager at Check Point Software Technologies, who notes that SMEs rarely recover from cyber attacks, but that there are simple steps they can take to protect their businesses.
He believes passwords are the first line of defence when it comes to security. "Cyber criminals trying to break into your network will start their attack by trying the most common passwords. Ensure your employees and users are using long, complex passwords," he says.
Hadjizenonos explains that all it takes is one open door to allow a cyber criminal to enter a network. "Consider all the ways someone could enter your network; then ensure that only authorised users can do so by ensuring strong passwords on laptops, smartphones, tablets and WiFi access points. Use a firewall with threat prevention to prevent access to your network."
He mentions the importance of separating networking into zones in order to protect the different zones appropriately. "One zone may be for critical work only, where another may be a guest zone where customers can surf the Internet but not access your work network," he notes.
Hadjizenonos urges SMEs to formulate a security policy as well as to think about what applications they want to allow in their networks. He also encourages them to educate employees on acceptable use of the company network and monitor for policy violations and excessive bandwidth use.
Social media sites are a gold mine for cyber criminals looking to gain information on people, he says, and attacks such as phishing, spear-phishing and social engineering all start with collecting personal data on individuals.
"Educate employees to be cautious with sharing on social media sites, even in their personal accounts. Let users know that cyber criminals build profiles of company employees to make phishing and social engineering attacks more successful. Train employees on privacy settings on social media sites to protect their personal information," he says.
He points out that one data breach could be devastating to the company or its reputation. "Protect your data by encrypting sensitive data, and make it easy for your employees to do so."
Regular maintenance of the network will ensure it continues to roll along at peak performance and hit few speed bumps, he notes, advising that companies enable automatic updates where available - Windows, Chrome, Firefox, Adobe.
Hadjizenonos also calls on organisations to be cautious of cloud storage, as any content that is moved to the cloud is no longer in the company's control.
"When using the cloud, assume content sent is no longer private. Encrypt content before sending, including system backups, and check the security of your cloud provider. Don't use the same password everywhere, especially cloud passwords."
According to Hadjizenonos, it is vital for a company to disallow employees to use a Windows account with administrator privileges for day-to-day activities, as administrative access allows users much more freedom and power on their laptops, creating an opportunity for cyber criminals to move in.
"Make it a habit to change default passwords on all devices, including laptops, servers, routers, gateways and network printers.
"Create a bring your own device policy. Many companies have avoided the topic, but it's a trend that continues to push forward. Consider allowing only guest access Internet for employee-owned devices. Enforce password locks on user-owned devices. Access sensitive information only through encrypted VPN. Don't allow storage of sensitive information on personal devices, such as customer contacts or credit card information. Have a plan if an employee loses their device," he concludes.
Share