With the steady increase in mobile devices and the popularity of working remotely, information security has become a major issue for SMEs. Here’s a short guide to warding off cyberattacks and keeping your data secure.

1. Plan your defence

The first step to ensuring information security for your SME is establishing a structured approach. It’s important to analyze your organization’s needs and objectives in order to develop an awareness program about data security. “Companies cannot rely solely on technology to protect themselves: Hackers are now targeting users to accomplish their goals,” explains Theo Zafirakos, CISO for Terranova Security.*

On the plus side, information security awareness programs don’t necessarily require a major financial investment. “Just a fraction of your IT budget and the help of a security analyst is enough to avoid being hacked. The amount of effort it takes will depend on how many employees you have and their training needs,” he explains.

The process aims to mobilize all employees and train them in how to improve their behaviour with regard to information security. It is then crucial to measure your program’s performance in relation to your objectives.

2. Small everyday changes bring big results

Even small behaviours are important when it comes to security. Encourage your staff to be more vigilant. For example, you could create an Internet use policy for office employees. Invite them to use strong passwords and two-factor authentication whenever possible. Use antivirus software and a firewall to protect your IT equipment from viruses, worms and other spyware. Finally, be sure to update the security software on all your computers whenever updates are available.

Other simple yet effective measures can also maintain the confidentiality of your data. Store your printed documents appropriately. Keep your records in locked filing cabinets and limit access to them. Also, before throwing away old computers or hard drives, destroy all the data stored on them.

3. Don’t take the bait

Phishing involves luring victims into clicking on malicious links in emails or attached documents that will result in the installation of malware. The goal of this technique, also known as “spoofing,” is to trick recipients into revealing personal, financial or other kinds of sensitive information.

For example, one of the more common scams involves tricking victims with the help of an email sent by a financial institution. In this type of fraud, the message seems to be sent from a trustworthy source, yet certain elements should set off alarm bells. Do the message’s subject line and sender address both come from the domain name mentioned in the email? Is the email full of spelling mistakes? Remember that email is the most common vector for phishing scams. Recipients of such fraudulent messages should delete the email, without clicking on any internal links, and ideally notify their Internet provider and the institution being spoofed. Remember: Think before you click!

4. Protection against ransomware 

This type of attack is a kind of virtual hostage-taking of your company’s computers by a hacker looking to easily pocket a few million of your dollars! Once the ransom is paid, the hacker provides a decryption key that frees your computers from the malicious software. All it takes is for you to open just one infected file, triggering your computer to restart and display the ransom message. To defend against this type of attack, an internal training program should prove highly valuable. By informing your employees of the serious nature of cyberattacks and the best ways to avoid them, you will reduce the likelihood that such an incident will occur.

5. Choose a competent security expert

The first mistake made by company executives is neglecting the importance of a cybersecurity awareness program. “Organizations need to hire information security providers with expertise in this area and content that is ready for deployment. Don’t hesitate to involve your communications and human resources departments in facilitating the roll-out of this kind of program,” concludes Zafirakos.

*Terranova Security is a provider and partner of Desjardins Capital, forming part of our vast business network that provides access to exclusive offers.