How Companies Without CISOs Can Build Their Defenses

No organization is too small to be the target of a cyberattack anymore. If you think hackers wouldn't bother targeting small and medium-sized businesses (SMBs), think again.

Today, even small businesses process valuable data such as customer and payment information, making them profitable targets to hack. In fact, attacks on small businesses are on the rise. Password-stealing malware attacks against small businesses increased by almost a third between the first quarter of 2021 and the first quarter of this year.

Given the prevalence of cyberattacks, SMBs need to prioritize security. Unfortunately, SMEs are not investing as much in cybersecurity as they should. Nearly half of companies with fewer than 50 employees do not have a separate security budget. Large enterprises, on the other hand, have the luxury of hiring Chief Information Security Officers (CISOs) to direct their defensive strategies. In SMBs, IT teams must take on this responsibility, and they need to take a broader perspective that covers securing the entire organization.

Security is a shared responsibility among all technology users. That's why companies, including SMEs, must be prepared to invest in security. The lack of a dedicated CISO should not prevent them from implementing robust security strategies that significantly reduce their risk of falling victim to damaging cyberattacks. Anyone can start by following basic security practices.

Here are several tactics that security teams can implement that will have an immediate impact on SMB security.

Enable Multi-Factor Authentication

Enterprises are moving their workloads to the cloud through Software-as-a-Service (SaaS) enterprise applications. Fortunately, SaaS applications have improved their security measures. SMEs should take advantage of this.

Most SaaS applications offer an option to enable multi-factor authentication (MFA). When MFA is enabled, users must provide at least two types of credentials to gain access to an application or system. A common implementation of MFA is one-time passwords (OTPs).

In addition to a valid username/password combination, the application requires the user to enter an OTP. Users receive the OTP at login, at their registered email address or on their mobile phone. This mechanism usually prevents unauthorized access if a hacker obtains a username and password combination for the SaaS application.

Enable password rotation and limit privileges

When securing accounts, use strong, complex passwords. Special characters and length make them more difficult to crack. Employees should also avoid reusing their personal emails and passwords for work and vice versa. Hackers now have access to login credentials from many past data breaches. Thus, if a user continues to use compromised credentials, it is likely that hackers can easily gain access to systems or applications that use the same credentials.

You can usually require password rotation in your enterprise applications. User passwords can expire and require employees to change them. This limits the time an account is exposed if it is compromised. To help employees keep track of their credentials, ask them to use password managers. They will be able to use long and complex passwords for the applications they use and...
