Protecting your business against cybercriminals is a prerequisite in today’s world. A survey conducted by Unizo reveals that at least 40% of Belgian SMEs have fallen victim to cybercriminals at some point. Hiring IT specialists will no longer cut it when it comes to protecting your business. So what measures should you take instead? Here are a few tips to help you on your way.
1. Identify the main risks
2. Prepare a crisis management plan
What should you do if you are targeted by a cyberattack? Outline the measures to be taken in a crisis management plan, so you can respond quickly in emergency situations. Test your plan a few times beforehand and make any necessary changes.
3. Make sure you and your IT providers agree on a clear plan
Many cyberattacks occur because of unclear communications with IT providers. Discuss a security strategy together with them, along with the priorities, and make sure your software is updated regularly.
4. Remember to take out cyber insurance
A cyberattack can drain your business of its financial resources. That’s why it’s a good idea to take out cyber insurance to cover the repair of any damage, along with financial losses and other expenses, even if these were caused by carelessness on your part or that of your employees.
5. Start with yourself
The most effective protection against cybercriminals starts with you. Choose strong passwords. Use a mix of uppercase and lowercase letters and special characters. Change your passwords regularly and use a different password for each account. If you receive a suspicious e-mail, always check the sender’s address.
If you notice an unusual domain name, exercise caution and avoid clicking on any links or opening any attachments. Also keep in mind the basic rules for protection, such as installing antivirus software and a firewall, and making regular backups of your work.
6. Involve your employees
In 95% of cases, cyberattacks are the result of human error. That’s right: your own staff plays a key role in the fight against cybercrime, so you should educate them on phenomena such as ransomware, CEO fraud and phishing.
Discuss how they can recognise cyber incidents and provide a central point of contact where they can report suspicious activity.
You should also make sure there are clear rules in place for the following areas:
- Working from home
- Passwords
- Use of personal laptops
- Public Wi-Fi networks
- Use of USB sticks
Use two-step (multi-factor) authentication, so that your employees must complete more than one verification step before gaining access to an application or other resource.
7. Protect your customers by complying with the GDPR legislation
If you lose customer data because your USB stick or laptop was stolen, you risk incurring a GDPR fine or penalty equivalent to up to 4% of your annual turnover. As you are aware, all businesses in the EU are required to comply with the GDPR legislation, which was implemented in 2018.
The GDPR provides, among other things, that you must ask your customers for permission to process their data. In addition, you must be able to prove that you received this permission.