Our 7 IT security tips for SMEs

May 13, 2025

If you don't feel like reading the whole article, here are our 7 tips in brief:

  • Raising awareness among employees
  • Using a firewall and antivirus
  • Using Two-Factor Authentication
  • Protect your network
  • Keep your systems up to date
  • Proper data management
  • Create an action plan

The current COVID-19 pandemic shows us that if a company is ill-prepared for the threat of a virus, the consequences can be dramatic. The same holds for a computer virus. It is therefore essential for SMEs to protect themselves and prepare for the possibility of such an attack.

Here we will try to give you the best advice to improve the IT security of your SME.

1. Raising awareness among employees

The weak link in IT security is still often the human being. Your employees should therefore be made aware that each account requires a strong password that is different from all the others, even if this means using a password manager.

It's always good to remind them how to recognize an attack that exploits human vulnerabilities, typically phishing. Finally, if your company uses cloud services, it's important to train your employees to use them properly.

2. Use a firewall and antivirus

Installing a company-wide antivirus and firewall is a first line of defense. The firewall checks that every connection on the company network is legitimate and blocks it if it isn't.

The antivirus constantly checks for infected files. Both act as bulwarks and greatly limit the intrusion of malware into the network. Running a scan on all computers and the network every morning will ensure that the antivirus and firewall haven't let a known threat through while running in the background.

We recommend reading our firewall selection and our guide to choosing the best antivirus for your needs.

3. Using two-factor authentication

2FA stands for “Two-Factor Authentication”.

At the latest RSA Conference, Microsoft noted that, on average, 99.9% of the Azure Active Directory accounts hacked each month were protected only by a password. Moreover, IT security experts were adamant: 95% of hacked Office365 and G Suite accounts were compromised through password spraying and password replay attacks.

These attacks work because the passwords used are too simplistic and widespread (for example, the classic Qwerty123). Combining strong passwords with two-factor authentication renders these types of attacks ineffective. To hack accounts, hackers will have to use much more demanding methods.

Most apps today support 2FA. There are several options available to you, such as Google's Google Authenticator app, RSA's SecurID hardware solutions, and other solutions such as YubiKey USB keys.
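
As an added example (not part of the original article): password spraying tries a few common passwords against many accounts, so in sign-in logs it appears as one source failing a small number of times against many different users. The log layout, thresholds and function names below are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sign-in records: (timestamp, source IP, account, outcome).
# This layout is an assumption; map your identity provider's export onto it.
SAMPLE_LOG = [
    (f"2025-05-13T08:0{i}:00", "203.0.113.7", user, "FAIL")
    for i, user in enumerate(["alice", "bob", "carol", "dave", "erin", "frank"])
] + [
    ("2025-05-13T08:07:00", "203.0.113.7", "dave", "OK"),    # success after the failures
    ("2025-05-13T08:10:00", "192.0.2.44", "alice", "FAIL"),  # ordinary typo...
    ("2025-05-13T08:10:20", "192.0.2.44", "alice", "OK"),    # ...then success
] + [   # one account hammered: brute force or a forgotten password, not spraying
    (f"2025-05-13T09:00:0{i}", "198.51.100.20", "grace", "FAIL") for i in range(6)
]

def find_password_spraying(events, window=timedelta(minutes=30),
                           min_accounts=5, max_tries_per_account=2):
    """Map each suspicious source IP to the accounts it probed: within `window`,
    failures against >= min_accounts accounts, <= max_tries_per_account each."""
    by_source = defaultdict(list)
    for ts, ip, account, outcome in events:
        if outcome == "FAIL":
            by_source[ip].append((datetime.fromisoformat(ts), account))
    flagged = {}
    for ip, failures in by_source.items():
        failures.sort()
        start = 0
        for end in range(len(failures)):
            while failures[end][0] - failures[start][0] > window:
                start += 1  # slide the window forward
            tries = defaultdict(int)
            for _, account in failures[start:end + 1]:
                tries[account] += 1
            probed = sorted(a for a, n in tries.items() if n <= max_tries_per_account)
            if len(probed) >= min_accounts and len(probed) > len(flagged.get(ip, [])):
                flagged[ip] = probed
    return flagged

def accounts_to_reset(events, flagged):
    """Accounts that signed in successfully from a flagged source."""
    hits = defaultdict(set)
    for _, ip, account, outcome in events:
        if outcome == "OK" and ip in flagged:
            hits[ip].add(account)
    return {ip: sorted(accounts) for ip, accounts in hits.items()}

if __name__ == "__main__":
    print(find_password_spraying(SAMPLE_LOG))
```

Accounts returned by accounts_to_reset are the ones to prioritize for a password reset and 2FA enrollment.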

4. Protect your network

In addition to the firewall, a network can be protected in several ways.

If you have the option to connect all devices that need access to the company's internal network via Ethernet cable, we recommend doing so. Restricting access to the internal network to only wired devices makes it much more difficult to break into your network because the attack would have to be carried out while physically on-site.

If Wi-Fi is essential for your business, you can initially create two separate networks. The first network will be a hidden Wi-Fi network that only your employees will know about. This network will provide access to the company's entire internal network (computers, printers, etc.) and the external internet network.

A second Wi-Fi network will provide access only to the external internet. This is the one you will give to your customers when they need internet access while on your premises.

Recent events have shown us that remote working is set to grow on a large scale. It is therefore essential to allow employees to access the company's internal network; however, we don't want just anyone to be able to access it from outside. This is why using a VPN is essential to increase your organization's IT security.

5. Keep your systems up to date

Another important aspect of IT security is keeping all your applications and devices up to date. This is essential to ensure the security of the software and devices you use, as software vendors gradually patch security vulnerabilities discovered after the product or software is released.

These updates also sometimes add useful new features and improve the overall stability of the product. It's important to schedule a time slot each week to check that all your workstations are up to date. Some antivirus programs also let you check that all your applications are up to date during daily scans.

6. Proper data management

So far, we've covered ways to protect yourself from a breach by protecting your data. It's equally important to protect the data itself to increase your organization's IT security.

First, it's important to make regular backups in multiple locations to protect yourself from data deletion due to an attack or computer bug. We recommend having three backups of your data: two in different locations and one off-site, in the cloud. This is the 3-2-1 rule.

It is then important for a company to encrypt its data to improve its IT security. Encryption makes data unusable for anyone who does not have the decryption key. This adds a layer of security because even if the hacker has the data, they cannot do anything with it if they do not have the decryption key.

7. Create an action plan

Despite all the precautions we take, an attack can unfortunately occur. The big question is ultimately not if an attack will occur, but when!

Indeed, some vulnerabilities have not yet been discovered by developers and can therefore be exploited by hackers. These are called zero-day vulnerabilities. Therefore, after implementing the above advice, it is essential to prepare for the day when a cyberattack is discovered on your company's network.

This plan will allow you to make the appropriate choices for the IT security of your SME during these crises, which could have dramatic consequences if poorly managed.

Nexxo can help you improve your SME's IT security

IT security for SMEs is a constant battle that requires adequate resources. If you have any questions after reading this article, please contact us. Together, we'll explore how we can help you manage your company's IT security and leverage IT to grow.

About Nexxo IT Solutions

Nexxo Computer Solutions specializes in providing IT and technology services to Quebec businesses. Its mission is to offer Quebec companies IT services tailored to their needs. Acting as an external IT department, it handles all of a company's IT tasks, allowing it to focus on its business activities. It achieves this by collaborating closely with its clients and putting their interests at the center of its concerns.
