Categories

Editor's Choice
Tech Jobs Network
News & Events
Access Control & Identity Management
AI & Data Analytics
Asset Management
Associations
Conferences & Events
Facilities & Building Management
Fire & Safety
Information Security
Infrastructure
Integrated Solutions
IoT & Automation
Perimeter Security, Alarms & Intruder Detection
Power Management
Products & Solutions
Security Services & Risk Management
Smart Home Automation 
Surveillance
Training & Education
Videos
Security by Industry Sector ▾








Print this page printer friendly version

Top 10 security best practices for SMBs

October 2013 Information Security

Cybercrime in South Africa is increasing at epidemic proportions and small to medium businesses have turned into key targets for cyber-criminals. Small businesses rarely recover from cyber-attacks, but there are some very simple steps you can take to protect your business.

Doros Hadjizenonos
Doros Hadjizenonos

Doros Hadjizenonos, sales manager at Check Point South Africa highlights his top 10 security best practices for the South African SMB space.

1. Common passwords are bad passwords

Passwords are your first line of defence when it comes to security. Cybercriminals trying to break into your network will start their attack by trying the most common passwords. Ensure your employees and users are using long (over eight characters), complex (include lower case, upper case, numbers and non-alpha characters) passwords.

2. Secure every entrance

All it takes is one open door to allow a cybercriminal to enter your network. Just like you secure your home by locking the front door, the back door and all the windows, think about protecting your network in the same way.

* Ensure strong passwords on laptops, smartphones, tablets, and WIFI access points.

* Use a firewall with threat prevention to protect access to your network.

* Secure your endpoints (laptops, desktops) with security software such as anti-virus, anti-spam and anti-phishing.

3. Segment your network

A way to protect your network is to separate your network into zones and protect the zones appropriately. One zone may be for critical work only, where another may be a guest zone where customers can surf the Internet, but not access your work network.

4. Define, educate and enforce policy

Actually have a security policy (many small businesses don’t) and use your threat prevention device to its full capacity. Spend some time thinking about what applications you want to allow in your network and what apps you do not want to run in your network. Educate your employees on acceptable use of the company network.

5. Be socially aware

Social media sites are a gold mine for cybercriminals looking to gain information on people, improving their success rate for attacks. Attacks such as phishing, spearphishing or social engineering all start with collecting personal data on individuals.

6. Encrypt everything

One data breach could be devastating to your company or your reputation. Protect your data by encrypting sensitive data. And make it easy for your employees to do so.

7. Maintain your network like your car

Your network, and all its connected components, should run like a well-oiled machine. Regular maintenance will ensure it continues to roll along at peak performance and hit few speed bumps.

* Turn on automatic updates where available: Windows, Chrome, Firefox and Adobe.

* Use an Intrusion Prevention System (IPS) device like the Check Point 600 Appliance to prevent attacks on non-updated laptops.

8. Cloud caution

Cloud storage and applications are all the rage. But be cautious. Any content that is moved to the cloud is no longer in your control. And cybercriminals are taking advantage of weaker security of some cloud providers.

* When using the cloud, assume content sent is no longer private.

* Encrypt content before sending (including system backups) and check the security of your cloud provider.

* Don’t use the same password everywhere, especially cloud passwords.

9. Don’t let everyone administrate

Laptops can be accessed via user accounts or administrative accounts. Administrative access allows users much more freedom and power on their laptops, but that power moves to the cybercriminal if the administrator account is hacked.

* Don’t allow employees to use a Windows account with Administrator privileges for day-to-day activities.

* Make it a habit to change default passwords on all devices, including laptops, servers, routers, gateways and network printers.

10. Address the BYOD elephant in the room

Start with creating a bring-your-wwn-device (BYOD) policy. Many companies have avoided the topic.

* Consider allowing only guest access (Internet only) for employee owned devices.

* Enforce password locks on user owned devices.

* Access sensitive information only through encrypted VPN.

* Don’t allow storage of sensitive information on personal devices (such as customer contacts or credit card information).

* Have a plan if an employee loses their device.

For more information contact Check Point South Africa, +27 (0)11 319 7267, [email protected], www.checkpoint.com





Share this article:
Share via emailShare via LinkedInPrint this page


Further reading:

Highest increase in global cyberattacks in two years
Information Security News & Events
Check Point Global Research released new data on Q2 2024 cyber-attack trends, noting a 30% global increase in Q2 2024, with Africa experiencing the highest average weekly per organisation.

Read more...
There is a SaaS for everything, but at what cost, especially to SMEs?
Editor's Choice Information Security Security Services & Risk Management
Relying on SaaS platforms presents significant cybersecurity risks as the number of providers in your landscape increases, expanding your attack surface. It is important to assess the strength of the SaaS providers in your chain.

Read more...
Addressing today’s mining challenges: cyber risks beyond IT
Editor's Choice Information Security Mining (Industry)
Despite the mining industry’s operational technology systems being vulnerable to cyberattacks, many decision-makers still see these threats as purely an IT issue, even though a breach could potentially disrupt mining operations.

Read more...
Get proactive with cybersecurity
Information Security
The ability to respond effectively to a cybersecurity breach is critical, but the missing piece of the puzzle is a thorough, proactive evaluation to ascertain weaknesses and identify any hidden threats.

Read more...
How to effectively share household devices
Smart Home Automation Information Security
Sharing electronic devices within a household is unavoidable. South African teens spend over eight hours per day online, making device sharing among family members commonplace. Fortunately, there are methods to guarantee safe usage for everyone.

Read more...
How to securely manage your digital footprint
Information Security Training & Education
Managing your online presence is critical to safeguarding your privacy and security. It is imperative to take a proactive approach, including using robust cybersecurity best practices.

Read more...
The state of code security in 2024
Information Security
The 2024 State of Code Security survey reveals that organisations have continued to shore up application security defences over the last year, according to OpenText Premier Partner iOCO Application Management.

Read more...
What is the level of safety and integrity of the software supply chain?
Information Security IoT & Automation
Organisations are embracing AppSec practices and focusing on their software security posture. However, they highlight that insufficient funding and security resources, plus a disconnect between developers and security teams, remain major roadblocks.

Read more...
Cybercriminals target financial service providers to get at sensitive client data
Information Security
According to Ryan van de Coolwijk, Product Head for cyber at iTOO Special Risks, hackers target financial service providers because they hold sensitive client information that unauthorised individuals could use for fraudulent activities.

Read more...
Fortinet establishes new point-of-presence in South Africa
News & Events Information Security
Fortinet has announced the launch of a new dedicated point-of-presence (POP) in Isando, Johannesburg, to expand the reach and availability of Fortinet Unified SASE for customers across South Africa and southern African countries.

Read more...











SMART Security Business Directory



Published by Technews

»  Dataweek Electronics & Communications Technology
»  Electronics Buyers' Guide (EBG)

»  SMART Security Solutions
»  SMART Security Business Directory

»  Motion Control in Southern Africa
»  Motion Control Buyers' Guide (MCBG)

»  South African Instrumentation & Control
»  South African Instrumentation & Control Buyers' Guide (IBG)



© Technews Publishing (Pty) Ltd. | All Rights Reserved.