Security for Small and Medium-Sized Enterprises (SMEs)

Adam Gleeson, Cyber Security Vendor Alliance Manager, reviews the five key essential functions small and medium-sized organisations require to be cyber secure. He covers:

• Jump to Traditional Anti-malware Protection is No Longer Enough >
• Jump to Patching: Keep Your Systems Up To Date >
• Jump to Security Awareness Training is Crucial >
• Jump to The Modern Firewalls >
• Jump to Regular Testing >
• Jump to How a Ransomware Phishing Attack Works >
• Jump to Book a Consultation >

Cyber security nirvana is the state you reach when you are 99.9% confident in your cyber security protections. This was, at one point, many years ago, something that was actually achievable. These days? Not so much. The relentless and somewhat unique ways in which our technology, work life, digital tools and personal lives continue to evolve and advance means cyber security Nirvana is now one of those things you will never ultimately attain.

However, you can build your cyber security strategy in such a way that you can have confidence you are doing everything you can whilst equipping yourself for whatever new threats appear on the horizon. Small and Medium-sized organisations (SMEs) need to focus on five essential functions I will describe below.

Traditional anti-malware protection is no longer enough

I see a range of approaches to anti-malware. Attitudes range from "It's something I know I need to have, but anything will do" to "I want to have the best I can, but it needs to be affordable". The latter is the approach that you should adopt.

The antivirus (or the modern term, endpoint protection) you run on all your users' computers is a critical line of defence. It can spot things happening that may not be visible to the person using the computer. Your endpoint security/ antivirus can mean the difference between spotting a virus or hacker's nefarious activity and you being another ransomware victim.

In this regard, you need to be looking at the best you can afford, and you need to be able to afford a next-generation solution. The traditional approach of the scanner having a 'naughty list' of known software threats is no longer sufficient. New threats emerge hourly, and the 'naughty list' approach can't keep up.

This is where the next-generation solutions come in. The new approach to is to look at process and software behaviours. While we may not be able to keep up with the latest emerging threats, 99.9% of them behave in a known manner. That is, they may be a new version or type of danger, but the nature of what they are there to do hasn't changed. By monitoring for the key behaviours associated with these threats, we can detect them without needing to know about them beforehand, providing us with a constantly up-to-date defence mechanism.

Patching: Keep your systems up to date

The software we run shifts and constantly changes. As with external software threats, the landscape we face from internal vulnerabilities needs addressing through effective software update (or patch) management.

New features enhance functionality or improve the software to make our jobs easier. However, with any new software code, there is a potential for bugs - most are harmless, but some represent significant security risks. Historically these bugs often went unnoticed. Nowadays, most software vendors offer 'bug bounties', rewarding anyone who can identify a bug/flaw in the software. Unfortunately, attackers often can exploit these bugs to install malicious software.

Security flaws in new software are uncovered and publicised quickly – both to the software vendor and the internet at large – meaning that it is more important than ever to ensure that your software is kept up to date to ensure that this easy attack vector does not exist.

Security awareness training is crucial

Your users can be the weakest link in your cyber security defence, OR they can be your greatest asset. Which end of the scale they sit at depends entirely on how well they are trained in security best practices.

Last year the vast majority of cyber attacks launched against UK businesses were initiated with a phishing attack via email. Had the users that clicked on those emails been more aware of what to look for, most of those attacks could have been easily prevented.

Many different solutions are available today that provide phishing awareness and simulations. You can train your users and help them understand where they made mistakes, so they can put into practice what they are being taught and learn what to look for.

Email: The Danger Within

Mimecast & Microsoft On Demand Webinar

Watch Now

The modern firewalls

The concept of firewalls is not new. We've had them for decades, but the task the firewall must fulfil has become more challenging in line with the other increases in technological complexity.

Traditional rule-based firewalls still work to an extent. However, with the rapid changes in how we operate, management of the rules can become burdensome. If not kept up to date, they can cease to be effective defences.

Many businesses are now adopting 'next-generation' (that phrase again) firewalls. These will feature far more robust defensive protection and internal and external network traffic analysis to pick up on potentially malicious behaviour or software indicators. Their ability to dynamically accommodate new application requirements of the users can also be a key factor. For example, allowing applications firewall access from specific software vendors (e.g., Microsoft) may alleviate some of the work required of your helpdesk as manual rules will not need to be configured for each application instance.

Regular Testing

Finally, having great security products deployed to protect your business and users is fantastic, but if those solutions are not configured correctly, they cease to be an effective defence. For this reason, regular testing of your systems and your users is an essential activity to perform. Would you prefer to find out your AV isn't up to scratch when it's 'no-harm-done' or when your business is in crisis mode?

How a ransomware phishing attack works

To add context to some of the points I have raised above, I have illustrated just how easy it can be to run afoul of ransomware. To be clear, this is not the only method of attack that can lead to an infection, but it is one of the most common. A typical example would be phishing attacks that lead to ransomware infection.

To learn more about how you can protect your organisation, book your free 30-minute security consultation with one of our penetration testers. Get agnostic advice from industry experts on how secure your business. Request here.