SMEs Cybersecurity best practices

Involving Top Management

  • Appoint an information security officer.
  • Identify your ICT risks and safeguard your business for the future.
  • Be aware of cyber threats and vulnerabilities in your networks.

Raise Staff Awareness of Cyber risks

  • Get users to subscribe to your code of conduct.
  • Periodically remind users that information must be treated as sensitive and with respect for privacy rules.
  • Inform users how to recognize phishing (e-mail fraud) and how to respond.

Publish a corporate security policy and a code of conduct

  • Create and apply procedures for the arrival and departure of users.
  • Plan and execute security audits.
  • Develop and distribute a code of conduct for using ICT.

Manage your key ICT assets

  • Maintain an inventory of all ICT equipment and of software licenses.
  • Create an accurate and up-to-date map of all your networks and interconnections.

Update all your programs

  • Create an in-house patch, patch and patch culture (workstations, mobile devices, servers, network components ...).
  • Apply security related updates to all software as early as possible.
  • Automate the update process and audit its efficiency.

Install antivirus protection

  • Install antivirus software on all workstations and servers.
  • Automate updates of antivirus products.
  • Make sure users are familiar with the antivirus software’s infection warning procedure.

Backup all information

  • Make daily backups of your important data.
  • Choose between your own backup solution and a cloud backup solution.
  • Store backups offline and in a separate place (at a distance from their source if possible).

Manage access to your computers and networks

  • Change all default passwords.
  • No one works with administrator privileges for daily tasks.
  • Passwords must be longer than 10 characters with a combination of character types and changed periodically or when there is any suspicion of compromise.

Secure workstations and mobile devices

  • Automatically lock workstations and mobile devices when unused.
  • Laptops, smartphones or tablets are never left unattended.
  • Disable autorun functions from external media.

Secure servers and network components

  • Change all default passwords and disable unused accounts.
  • Protect the Wi-Fi network with WPA2 encryption.
  • Shut down unused services and ports.

Secure remote access

  • Remote access must be closed automatically when inactive for a certain amount of time.
  • Limit remote access to what is strictly necessary.
  • All connections to the corporate network are secured and encrypted.

Have an incident handling plan

  • Create an incident handling plan that describes how to respond to an incident.
  • All employees must know the contact point for reporting incidents.