Over the past couple of years - and particularly in the first few months of this year - we've witnessed incidents where organizations and businesses fell victim to hacker attacks resulting in data loss. This highlights the critical importance of prioritizing IT security across all businesses. Even small and medium-sized enterprises (SMEs) are not immune, as evidenced by data from Microsoft's annual security report, revealing that 70 percent of all ransomware attacks are directed at SMEs. So, how is the IT security in your company?
By incorporating diverse security measures, you can prevent hacker attacks. Drawing on many years of experience with cloud security in both the private market and the public sector, both domestically and abroad, we would like to help you do just that - fend off a cyberattack. Below, we outline our five most important recommendations for SMEs.
Time and technology are ripe
The government's proposal suggests that "documenting one's work down to the minute should no longer be necessary." It's a drastic yet positive change, though I'm skeptical it will happen overnight. History has shown that despite desires to reduce documentation, the number of requirements tends to increase. In the proposal, the government aims to establish a partnership between itself, KL, and relevant companies experienced in automated data collection. This partnership aims to promote an "automation first" principle in the care sector.
At twoday, we welcome the above principle and partnership. Our experience demonstrates that automation can streamline processes and generate value for both public and private enterprises. Therefore, why not implement it in elderly care, an industry traditionally burdened by manual documentation and registration?
For instance, technologies like AI and machine learning have reached a level of maturity where they can effectively manage many of the manual registrations that have traditionally consumed much of the working hours of both employees and managers in the elderly care sector.
Be clear about what you want to protect
It might seem trivial, but 9 out of 10 companies we engage with at twoday CTGlobal are unsure of the exact number of machines they need to protect. Needless to say, it's challenging to ensure proper protection when you're uncertain about what needs safeguarding. Therefore, develop awareness of your protection needs.
Use cloud services
Utilize cloud services as much as possible, as SMEs are likely the segment that stands to gain the most from cloud technology. This is because cloud technology offers very cost-effective access to highly advanced security, which would have been prohibitively expensive for traditional SMEs in the past. For instance, your data is significantly safer in the cloud than on an outdated server in the basement. For companies with fewer than 300 employees, we recommend investing in Microsoft Business Premium, and for larger companies, we typically recommend Microsoft 365 E5. Both solutions offer comprehensive security features.
Integrate technology
In other words, integrate the technology throughout your entire tech setup. We often encounter situations where companies invest in costly security software but fail to implement it effectively. It's not uncommon for 20-30 percent of all devices to lack protection, such as Microsoft Defender. A fundamental principle in security is to assume that your company is under attack. Typically, attackers target the weakest points. Therefore, your investment in expensive security software pays off only if all your machines are adequately protected.
Update systems
Our fourth recommendation mostly applies to medium-sized companies that manage updates and patches centrally. According to Microsoft, 80-90 percent of all successful hacker attacks target unmanaged devices, such as PCs not overseen by IT in either System Center or Intune. Applications and operating systems often remain un-updated, with fewer security controls in place. Therefore, ensure that all devices are managed devices.
You and your employees must use Multifactor Authentication
You and your employees need to prioritize protecting your identities, and Multifactor Authentication (MFA) is essential. With MFA, users must verify their identity using more than one method, such as a password combined with an SMS code. Unfortunately, cybercriminals can easily exploit weak passwords, particularly if they are as simple as "123456" or your social security number. By implementing MFA, you can significantly reduce the risk of attacks by over 99 percent. Therefore, it's a crucial security measure that we strongly always recommend.
Want to know more?
Many companies adopt an all-or-nothing approach to security, which is a significant misconception. In reality, even a modest effort can yield substantial results. So, don't hesitate to get started on improving your security measures!
Based on our experience, we've found security vulnerabilities in nearly every company we've engaged with over time. We can help you identify your security weaknesses, a crucial step in an era where hacker attacks pose an increasingly prevalent threat to businesses.
Don't hesitate to reach out if you're interested in learning how we can support your company with IT security.
Contact us