Cyber attacks stopped targeting only banks and large corporations long ago. On the contrary, small and medium-sized businesses are often an easier target because they underestimate cyber security. The good news is that most attacks can be prevented by following a few basic principles.

1. Regular updates

An unpatched system is an open door. Install security updates for your operating system and applications as soon as they come out. Many attacks exploit exactly those vulnerabilities that are well known and were patched long ago.

2. Strong and unique passwords

Use long, unique passwords and ideally a password manager. Wherever possible, turn on two-factor authentication (2FA) - even if someone obtains the password, they cannot get in without the second factor.

3. Backups following the 3-2-1 rule

Keep at least three copies of your data, on two different media, with one copy stored off-site. In a ransomware attack, a working backup is often the only way to get your data back without paying the ransom.

4. Watch out for phishing

The most common gateway for an attack is email. Teach your employees to recognise phishing - suspicious links, attachments and requests for passwords or payments. When in doubt, it is better to verify the sender by phone.

5. Antivirus and firewall

Quality antivirus protection and a properly configured firewall on both the router and end devices form the basic line of defence against malicious software.

6. Limit access rights

Every employee should have access only to what they really need. The fewer accounts with high privileges, the smaller the damage if they are compromised.

7. Have a plan and a partner

Even the best prevention may not be enough. Have a procedure ready in case of an incident, and a partner who can help you. A professional IT audit will uncover weak spots before an attacker finds them.

Do you need to check your company’s security? We are happy to help you with an IT audit and with setting up tailored protection.