Interview: Cybersecurity for small and medium enterprises
The importance of ensuring cybersecurity in Small and Medium Enterprises has become one of the main concerns in all organizational management frameworks due to the multiple examples of cyber attacks experienced in recent years by companies in multiple sectors that compromise the security of their information and business continuity.
On this occasion, the journalist Laura Robayna has interviewed our colleague and Operations Director Germán Delgado with the aim of knowing first hand what are the main concerns that affect SMEs in terms of security and what actions can be taken to counteract them.
Why are SMEs more vulnerable to cyber attacks?
SMEs in general are more vulnerable to cyber-attacks because they do not invest in security, nor do they invest in training. They may not know how to react to certain types of attacks.
SMEs do not usually see the value of investing in security, they do not apply IT security measures because they do not usually see the value of the information that has been damaged. For example, if we make a comparison, surely all the companies have alarms or closed circuit TV because they consider that someone can enter the company.
The reality is that in the end the information where it is stored is in the cloud or in the computers and that is not secured in the same way that a physical office is secured.
What are the most common attacks in SMEs?
They are usually Phishing and Ransomware. Phishing, in the end, what you are doing is phishing in an email. Usually they make you click on a link that directs you to a web page or download a file. This file is usually a malware, which is what we used to know as a virus, the only thing that is a special category, usually can infect everything you have on your computer can even be transmitted to other computers you have in your company to be connected to the local network.
When we have a Phishing that redirects us to a web page, normally that web page is trying to extract data from us. If for example, we are in front of the impersonation of a bank what is being tried is to extract our user number and our password so that they can then use this access in the official page and thus have access to our information.
What can companies do to protect themselves?
What companies can do to prevent any attack they may suffer, the first thing they can do is to rely on companies specialized in IT security. Normally the guidelines that we give to the SMEs, is to have a business continuity plan, more than anything else to know how we can continue working in case we suffer an accident and what we must always have clear is the training.
It is necessary to have an adequate training to the moment in which we are living and working on a daily basis, we must know how to identify a phishing, we must know how to act before a ramsonware... that type of knowledge we must have all of them.
What impact can a computer attack have?
The impact that a computer attack can have on an SME can lead to the closure of an SME. This happened with the Ramsonware that infected Telefonica, or the British Health Service, bringing down these two large companies. However, the SMEs that were affected by this vulnerability have been SMEs that have closed down, why? If I am a delivery company and my computers are infected, I don't know who I have to deliver to, my business is down, I can't be delivering goods, I don't know who has to come in, what payments I am getting or have to stop getting.
It is simply necessary to think that it would happen if I stopped having to my availability all the information that I have in the computers.
The attacks are not usually targeted attacks, a targeted attack is for a person or a specific company. This is not the usual trend, the normal thing is that to the SMEs, multitudes of attacks arrive to them, those attacks are indiscriminate attacks, they are launched and to see who bites.
The fact of being an SME does not mean that you are not a target of someone, you will always be a target of someone who tries to launch a phishing. What we need to know is to identify whether it is a fraudulent email or not.
How can we identify a secure page?
To identify a secure page the first thing we must see is if an https in the url or that it has a padlock, normally all the browsers already include colors assigned to these padlocks, in green it is good and when it appears in red, it means that it does not have that certificate and that the web page is not secure.
It is also necessary to check always that the domain, verify that the domain is the one of the company that we are dealing with, and that the web page has the same characteristics as the official page.
If you have any questions or if you think we can help your organization, do not hesitate to contact us. We will be happy to help you to help you😊