1. Cloud data
From Dropbox and OneDrive to Google Drive, there is no shortage of cloud-based storage providers, but how safe is data in the cloud? Choosing a reputable service is of the utmost importance, but SMEs should also encrypt sensitive files before uploading them to the cloud and back up data locally or in another cloud account.
2. BYOD policy
Employees of SMEs are bringing their own devices into the office and using them for work projects more than ever before. BYOD may be convenient for staff, but if a comprehensive policy isn’t in place that governs mobile usage, hackers can infiltrate the whole network through these unprotected devices.
3. Social engineering
Cyber criminals will try to gain the trust of an employee by pretending to be someone they’re not and, in the process, gain access to important information. Employees should be alerted to the prevalence of social engineering attacks and told to look out for unusual requests purporting to be from colleagues or clients.
Simple passwords can be relatively easy to crack through phishing, brute-force attacks and other methods, leaving e-mail accounts and vital systems open to attack. Multifactor authentication requires a user to offer at least one more piece of evidence besides a password to prove their identity, providing another layer of security.
5. Network devices
An SME’s network devices should be as protected as its digital assets, because unauthorised physical access can easily lead to security being compromised. For example, accessible devices in office spaces should be monitored and, if necessary, moved to a more secure location.
6. Access control
User accounts with administrative privileges should only be given to employees who have been authorised, and these special access privileges should be regularly reviewed. If a hacker were to get into a non-privileged account, the damage they could do would be limited, as they would only have the minimum level of access to the SME’s systems and networks.