With cyber-attacks on the rise, this blog looks at the threat specifically to SMEs (small and medium-sized enterprises). A recent study by Cisco found that 40% of SMEs that faced a cyber-attack experienced at least 8 hours of downtime. The costs of such an event can be catastrophic, halting business operations and requiring significant time and money to resolve the issue. Furthermore, last year it was reported that 73% of SMEs specifically experienced a cyber-attack. Clearly, this is a relevant issue that demands SMEs' attention. This guide aims to advise small to medium businesses on the best practices to help strengthen their defences before it is too late.
Your Cloud security needs are unique to your business. This means that it is vital to ensure your provider has a solution that meets these individual needs. SME leaders must make sure they understand the Cloud environment of a potential provider before they commit to using their services. As well as this, there must be an understanding across the business that Cloud security is everyone’s responsibility.
The next step is to conduct an inventory of assets, or in other words, what needs to be protected. What data have you got stored in the Cloud? Do you host any apps in the Cloud? Are areas of your infrastructure hosted there? Once needs have been identified, carry out a risk assessment against each asset. The final part of this section is making sure any industry-specific regulations are adhered to. An effective Cloud security policy should cover data management, user access control, security awareness and threat response.
Next, and arguably the most important step, is the implementation of best practices across your business. These best practices should be clearly communicated across your organisation, and they should be the bare minimum expectation. Included in best practices are things like data protection, access management, MFA, firewalls, and secure VPNs, all with the sole purpose of helping to protect your business in the Cloud.
Humans are the weakest link in a company’s security infrastructure. As a result, training and best practices go hand in hand in the battle to protect your staff in the Cloud. It is vital that staff have regular Cyber Security awareness training, whether that be on an annual, bi-annual or quarterly basis. With Cyber threats continually evolving, making sure your staff stay up to date on the latest threats is vital. One good way of testing your employees’ awareness is to run phishing simulations.
Based on the needs identified in your asset inventory, it is now time to compare the providers available. Take into account factors such as their security features, their compliance certifications and their service level agreements, specifically looking for security commitments and incident response times.
Regular internal audits should be undertaken, as well as external assessments from third-party experts. The results from the audit should be used to help continuously improve your security posture. The audit should detail which employees or stakeholders have access to which systems and data. The audit also helps you to stay on top of user access control. If a problem does occur in your Cloud set-up, the audit will detail whether there were any unauthorised data access points, allowing you to restrict that access before damage can be caused. An audit also helps prevent potential exploitation through the early detection and resolution of potential security gaps.
It is vital to ensure that your staff are aware of Cloud security best practices to protect your business. SMEs may think they can fly under the radar because they are a smaller target, but as the stats at the start of this guide show, this is far from true. By implementing the best practices detailed in this guide, you are taking proactive measures to protect your business.