(Image from Pixabay)

Cybercriminals won’t discriminate on the size of an organization as long as they could obtain data and other information they could use for their crimes. Small and medium enterprises (SMEs), the backbone of the Philippine economy, can easily fall victim to cyber attacks if they don’t secure their platforms immediately.

SMEs are vulnerable to cyber crimes not only because they are believed to have a lesser secure infrastructure but also because they can be used as backdoors to infiltrate larger organizations, as reported by some security vendors in the past.

“With the growing incidences of ransomware, distributed-denial-of-service (DDOS) attacks, and crypto mining, among others, cybercrimes today are growing in frequency, ingenuity, and financial impact,” said Julius Suarez, manager for Engineering Asean of network security vendor Sophos. “Organizations should reevaluate their security to include predictive security technology that has the capabilities to get ahead of these painful and costly exploits, integrated network and endpoint protection that has the ability to halt advanced threats and contain isolated incidents before they become widespread, as well as advanced employee education.”

Suarez also reminded organizations that in the event of any data breach—and this is included in European Union’s General Data Protection Regulation—they must inform the government’s security agency immediately. They must also be ready to tell the extent of damage of the data breach to the organizations, but most especially to the consumers and clients.

Below are some of Sophos’ tips for businesses on how to secure their data.

• Patch early and often. Malware that does not spread through a document often relies on security bugs in popular applications, including Microsoft Office, your browser, Flash, and more. The sooner you patch, the fewer holes that can be exploited.
• Educate employees to be cautious about unsolicited emails and attachments. Phishing remains an easy access route into organizations for today’s ransomware payloads and data breaches, with 41 percent of organizations seeing an attack on a daily basis. Organizations need to constantly educate their employees on the social engineering tactics attackers use to trick them into downloading malware. A service like the Phish Threat simulator automates the entire training process and provides visual analytics to identify vulnerable employees.
• Upgrade firewalls. Network firewalls with traditional signature-based detection are no longer able to provide adequate visibility into application traffic due to a variety of factors such as the increasing use of encryption, browser emulation, and advanced evasion techniques. Network protection now needs to be able to exchange direct information with endpoint security in order to reveal who and what is lingering on your networks. Without such visibility, ransomware, unknown malware, data breaches, and other advanced threats, as well as potentially malicious applications and rogue users can slip through the cracks and infect entire systems.
• Make sure your endpoint protection is always updated. Traditional anti-virus solutions may no longer be enough. Cyber attacks today are becoming more sophisticated, adapting to – and eventually overcoming – traditional security defenses. To counter these, Sophos has developed Intercept X, which is equipped with deep learning capabilities to identify and block both known and unknown exploits before they can even cause any harm.
• Back up, encrypt, and use password managers and strong “passphrases.” There are dozens of ways other than ransomware that files can be lost, such as fire, flood, theft, a dropped laptop or even an accidental delete. Encrypt your backup and you won’t have to worry about the backup device falling into the wrong hands. Make use of password managers, which keep track of log-in details and ensure passwords or passphrases are unique and strong.

“Combining predictive technologies, synchronized security, and employee awareness can help organizations stay ahead of today’s evolving threat landscape,” said Suarez. “These should be considered as investments not just in data security and privacy, but also in business productivity and efficiency, as well as protection from litigation and compliance issues.”