Strengthening the Shield: Cybersecurity Strategies for SMEs

By: Alan J
17 June 2024 at 14:03


By: Abhilash R., Head of Cybersecurity at OQ Trading

In an increasingly digital world, small and medium-sized enterprises (SMEs) are not immune to cyber threats. Despite their size, SMEs are prime targets for cyberattacks due to their limited resources and perceived vulnerability. Therefore, implementing robust cybersecurity strategies is imperative to safeguard sensitive data, maintain customer trust, and ensure business continuity. This article delves into five essential cybersecurity strategies tailored to SMEs, emphasizing their importance and providing cost-effective solutions.

Employee Education and Training

One of the most critical cybersecurity strategies for SMEs is ensuring that employees are educated and trained in cybersecurity best practices. Human error remains a significant factor in cyber incidents, making cybersecurity awareness training indispensable. Employees should be educated on recognizing phishing attempts, creating strong passwords, and understanding the importance of software updates.

Importance: Employees serve as the first line of defence against cyber threats, but they are also the weakest links in cybersecurity. By educating them, SMEs can significantly reduce the risk of successful cyberattacks.

Solutions: Implement regular cybersecurity training sessions for all employees, covering topics such as identifying suspicious emails, safe internet browsing practices, and responding to security incidents. Utilize online training resources and simulations to reinforce learning effectively. You can develop internal cybersecurity awareness materials using free or low-cost presentation tools such as Google Slides or Microsoft PowerPoint. Create engaging presentations covering topics like identifying phishing emails, password best practices, and responding to security incidents. Additionally, leverage free online resources such as cybersecurity blogs, webinars, and tutorials to supplement employee training efforts. Encourage participation in online courses offered by reputable cybersecurity organizations, some of which may be available at no cost.

Implementing Multi-Factor Authentication (MFA)

Multifactor authentication (MFA) adds an extra layer of security by requiring users to provide multiple forms of verification before accessing sensitive data or systems. This strategy helps mitigate the risk of unauthorized access, even if passwords are compromised.

Importance: Passwords alone are no longer sufficient to protect against cyber threats. MFA significantly enhances security by requiring additional authentication factors, such as biometric data or one-time codes.

Solutions: Implement MFA for all accounts with access to sensitive information or critical systems. Many cloud-based services and software applications offer built-in MFA capabilities, making implementation relatively straightforward and cost-effective. Utilize built-in MFA features provided by cloud-based services and software applications, many of which offer MFA functionality at no additional cost. Implement open-source MFA solutions that can be customized to fit the organization's specific needs without incurring licensing fees. Alternatively, explore low-cost MFA options offered by third-party providers, ensuring compatibility with existing systems and scalability as the business grows.

Regular Data Backups

Data loss can have devastating consequences for SMEs, ranging from financial losses to reputational damage. Regularly backing up data is essential for mitigating the impact of ransomware attacks, hardware failures, or accidental deletions.

Importance: Data backups serve as a safety net, allowing SMEs to recover quickly in the event of a cyber incident. Without backups, businesses risk permanent loss of valuable information.

Solutions: Automate regular backups of critical data to secure cloud storage or offline storage devices. Utilize backup solutions that offer versioning capabilities, allowing businesses to restore data to previous states if necessary. Utilize cloud-based backup solutions that offer affordable storage options and automated backup scheduling. Leverage free or low-cost backup software with basic features for backing up critical data to secure cloud storage or external hard drives. Implement a combination of full and incremental backups to optimize storage space and minimize backup times. Explore open-source backup solutions that provide flexibility and customization options without the need for expensive proprietary software.
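The combination of full and incremental backups described above, with a restore that is checked against the newest version, can be sketched as follows. This is an added example, not code from the article; the function names, directory layout and sample files are constructed for illustration.

```python
import hashlib, json, shutil, tempfile
from pathlib import Path

def digest(path):
    return hashlib.sha256(path.read_bytes()).hexdigest()

def backup(source, store, name, previous=None):
    """Full backup when previous is None; otherwise copy only files whose
    SHA-256 differs from the previous manifest (incremental)."""
    manifest = {p.relative_to(source).as_posix(): digest(p)
                for p in sorted(source.rglob("*")) if p.is_file()}
    copied = [rel for rel, h in manifest.items()
              if previous is None or previous.get(rel) != h]
    for rel in copied:
        dst = store / name / "files" / rel
        dst.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(source / rel, dst)
    (store / name).mkdir(parents=True, exist_ok=True)
    (store / name / "manifest.json").write_text(json.dumps(manifest))
    return manifest, copied

def restore(store, chain, out):
    """Replay the full backup and each incremental (oldest first), then
    verify every restored file against the newest manifest."""
    for name in chain:
        files = store / name / "files"
        if files.exists():
            shutil.copytree(files, out, dirs_exist_ok=True)
    wanted = json.loads((store / chain[-1] / "manifest.json").read_text())
    for p in [p for p in out.rglob("*") if p.is_file()]:
        if p.relative_to(out).as_posix() not in wanted:
            p.unlink()                      # file was deleted before the last backup
    return all(digest(out / rel) == h for rel, h in wanted.items())

def demo():
    # Constructed sample data in a temporary directory; nothing real is touched.
    root = Path(tempfile.mkdtemp())
    src, store, out = root / "data", root / "backups", root / "restored"
    src.mkdir()
    (src / "invoices.csv").write_text("id,amount\n1,100\n")
    (src / "notes.txt").write_text("draft")
    full, copied_full = backup(src, store, "mon-full")
    (src / "invoices.csv").write_text("id,amount\n1,100\n2,250\n")
    (src / "notes.txt").unlink()
    _, copied_incr = backup(src, store, "tue-incr", previous=full)
    ok = restore(store, ["mon-full", "tue-incr"], out)
    names = sorted(p.name for p in out.iterdir())
    shutil.rmtree(root)
    return copied_full, copied_incr, ok, names
```

The restore check is the part worth copying: a backup that has never been restored and verified has not been shown to work.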

Network Security Measures

Securing the network infrastructure is crucial for protecting against external threats and unauthorized access. SMEs should implement robust network security measures, such as firewalls, intrusion detection systems (IDS), and virtual private networks (VPNs).

Importance: Networks are prime targets for cyberattacks, making network security measures essential for preventing unauthorized access and data breaches.

Solutions: Deploy firewalls to monitor and control incoming and outgoing network traffic. Implement IDS to detect and respond to suspicious activities within the network. Utilize VPNs to encrypt data transmissions and establish secure connections for remote workers. Implement open-source firewall solutions that provide robust network protection without the high cost associated with commercial firewalls. Utilize free or low-cost intrusion detection system (IDS) software that offers essential features such as real-time monitoring and threat detection. Explore cost-effective virtual private network (VPN) solutions tailored to SMEs' needs, such as subscription-based services with affordable pricing plans and easy deployment for remote workers.

Regular Security Assessments and Updates

Cyber threats are constantly evolving, requiring SMEs to stay vigilant and proactive in their cybersecurity efforts. Regular security assessments and updates help identify vulnerabilities and ensure that systems and software are up to date with the latest security patches.

Importance: Cyber threats are continuously evolving, making regular security assessments and updates essential for maintaining a strong cybersecurity posture.

Solutions: Conduct regular security assessments to identify potential vulnerabilities in systems, networks, and applications. Develop and implement a patch management strategy to ensure that software and firmware updates are applied promptly. Conduct internal security assessments using free or low-cost vulnerability scanning tools to identify potential weaknesses in systems and networks. Utilize open-source penetration testing frameworks to simulate cyberattacks and assess the effectiveness of existing security measures. Implement a systematic approach to applying security patches and updates, leveraging free tools provided by software vendors or community-driven initiatives. Additionally, establish internal processes for monitoring security advisories and alerts issued by relevant authorities to stay informed about emerging threats and vulnerabilities.

In conclusion, cybersecurity is a critical concern for SMEs in today's digital landscape. By implementing the strategies explained above, SMEs can significantly enhance their cybersecurity posture without breaking the bank. Investing in cybersecurity is not only essential for protecting sensitive data and maintaining business operations but also for safeguarding the long-term viability and reputation of SMEs in an increasingly interconnected world.

About Author: Abhilash Radhadevi, a seasoned cybersecurity leader, serves as the Head of Cybersecurity at OQ Trading, bringing over two decades of comprehensive experience in the Banking, Financial, Oil and Energy sectors.
Widely recognized for his adept leadership, Abhilash has effectively steered international organizations through intricate security challenges. His illustrious career includes spearheading pioneering cybersecurity strategies, resulting in prestigious awards and acclaim. Beyond his professional achievements, Abhilash maintains a global influence and demonstrates unwavering commitment to mentoring, showcasing his dedication to shaping the future landscape of cybersecurity.

How to protect yourself from online harassment

10 April 2024 at 15:19

It takes a little to receive a lot of online hate today, from simply working as a school administrator to playing a role in a popular movie or video game.

But these moments of personal crisis have few, immediate solutions, as the current proposals to curb and stem online harassment zero in on the systemic—such as changes in data privacy laws to limit the personal information that can be weaponized online or calls for major social media platforms to better moderate hateful content and its spread.

Such structural shifts can take years (if they take place at all), which can leave today’s victims feeling helpless.

There are, however, a few steps that everyday people can take, starting now, to better protect themselves against online hate and harassment campaigns. And thankfully, none of them involve “just getting off the internet,” a suggestion that, according to Leigh Honeywell, is both ineffective and unwanted.

“The [idea that the] answer to being bullied is that you shouldn’t be able to participate in public life—I don’t think that’s okay,” said Honeywell, CEO and co-founder of the digital safety consultancy Tall Poppy.

Speaking to me on the Lock and Code podcast last month, Honeywell explained that Tall Poppy’s defense strategies to online harassment incorporate best practices from Honeywell’s prior industry—cybersecurity.

Here are a few steps that people can proactively take to limit online harassment before it happens.

Get good at Googling yourself

One of the first steps in protecting yourself from online harassment is finding out what information about you is already available online. This is because, as Honeywell said, much of that information can be weaponized for abuse.

Picture an angry diner posting a chef’s address on Yelp alongside a poor review, or a complete stranger sending in a fake bomb threat to a school address, or a real-life bully scraping the internet for embarrassing photos of someone they want to harass.  

All this information could be available online, and the best way to know if it exists is to do the searching yourself.

As for where to start?

“First name, last name, city name, or other characteristics about yourself,” Honeywell said, listing what, specifically, to search online.

It’s important to understand that the online search itself may not bring immediate results, but it will likely reveal active online profiles on platforms like LinkedIn, X (formerly Twitter), Facebook, and Instagram. If those profiles are public, an angry individual could scrape relevant information and use it to their advantage. Even a LinkedIn profile could be weaponized by someone who calls in fake complaints to a person’s employer, trying to have them fired from their position.

In combing through the data that you can find about yourself online, Honeywell said people should focus on what someone else could do with that data.

“If an adversary was trying to find out information about me, what would they find?” Honeywell said. “If they had that information, what would they do with it?”

Take down what you can

You’ve found what an adversary might use against you online. Now it’s time to take it down.

Admittedly, this can be difficult in the United States, as Americans are not protected by a national data privacy law that gives them the right to request their data be deleted from certain websites, platforms, and data brokers.

Where Americans could find some help, however, is from online resources and services that streamline the data removal process that is enshrined in some state laws. These tools, like the iOS app Permission Slip, released by Consumer Reports in 2022, show users what types of information companies are collecting about them, and give users the opportunity to request that such data be deleted.

Separately, Google released an online tool in 2023 where users can request that certain search results that contain their personal information be removed. You can learn more about the tool, called “Results about you,” here.

When all else fails, Honeywell said that people shouldn’t be afraid to escalate the situation to their state’s regulators. That could include filing an official complaint with a State Attorney General, or with the Consumer Financial Protection Bureau, or the Federal Trade Commission.

“It sounds like the big guns,” Honeywell said, “but I think it’s important that, as individuals, we do what we can to hold the companies that are creating this mess accountable.”

Lock down your accounts

If an adversary can’t find your information through an online search, they may try to steal that information by hacking into your accounts, Honeywell said.

“If I’m mad at David, I’m going to hack into David’s email and share personal information,” Honeywell said. “That’s a fairly standard way that we see some of the worst online harassment attacks escalate.”

While hackers may have plenty of novel tools at their disposal, the best defenses you can implement today are the use of unique passwords and multifactor authentication.

Let’s first talk about unique passwords.

Each and every single one of your online accounts—from your email, to your social media profiles, to your online banking—should have a strong, unique password. And because you likely have dozens upon dozens of online accounts to manage, you should keep track of all those passwords with a devoted password manager.

Using unique passwords is one of the best defenses against company data breaches that expose user login credentials. Once those credentials are available on the dark web, hackers will buy them so they can attempt to use them to gain access to other online accounts. You can prevent those efforts going forward by refusing to repeat passwords across any of your online accounts.

Now, start using multifactor authentication, if you’re not already.

Multifactor authentication is offered by most major companies and services today, from your bank, to your email, to your medical provider. By using multifactor authentication, also called MFA or 2FA, you will be required to “authenticate” yourself with more than just your password. This means that when you enter your username and password onto a site or app, you will also be prompted to enter a separate code that is, in many cases, sent to your phone via text or an app.

MFA is one of the strongest protections against password abuse, ensuring that, even if a hacker has your username and password, they still can’t access your account because they will not have the additional authentication that is required to complete a login.
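Why a stolen password is not enough once an app-generated code is required can be shown with the time-based one-time password scheme of RFC 6238, which authenticator apps commonly use. This is an added example, not part of either article, and it illustrates both the MFA recommendation in the SME article above and this section; the Account class, its salt and the sample secret are constructed for illustration.

```python
import hashlib, hmac, struct

STEP = 30  # seconds per time step (RFC 6238 default)

def totp(secret: bytes, now: int, digits: int = 6) -> str:
    """RFC 6238 one-time code for the time step containing `now` (HMAC-SHA1)."""
    counter = struct.pack(">Q", now // STEP)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

class Account:
    """Hypothetical server-side account record with a password and a TOTP secret."""
    def __init__(self, password: str, totp_secret: bytes):
        self.salt = b"constructed-salt"          # sample value; random per user in practice
        self.pw_hash = self._hash(password)
        self.totp_secret = totp_secret
        self.last_step = -1                      # newest time step already used

    def _hash(self, password: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self.salt, 100_000)

    def login(self, password: str, code: str, now: int) -> bool:
        if not hmac.compare_digest(self._hash(password), self.pw_hash):
            return False
        current = now // STEP
        # Accept the current step and one either side to tolerate clock drift,
        # but never a step at or before one already used (blocks replay).
        for step in (current - 1, current, current + 1):
            if step > self.last_step and hmac.compare_digest(
                    totp(self.totp_secret, step * STEP).encode(), code.encode()):
                self.last_step = step
                return True
        return False
```

An attacker who holds only the password fails the second check, and a code observed in transit is rejected once it has been used.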

In the world of cybersecurity, these two defense practices are among the gold standard in stopping cyberattacks. In the world of online harassment, they’re much the same—they work to prevent the abuse of your online accounts.

Here to help

Online harassment is an isolating experience, but protecting yourself against it can be quite the opposite. Honeywell suggested that, for those who feel overwhelmed or who do not know where to start, they can find a friend to help.

“Buddy up,” Honeywell said. “If you’ve got a friend who’s good at Googling, work on each other’s profile, identify what information is out there about you.”

Honeywell also recommended going through data takedown requests together, as the processes can be “extremely tedious” and some of the services that promise to remove your information from the internet are really only trying to sell you a service.

If you’re still wondering what information about you is online and you aren’t comfortable with your way around Google, Malwarebytes has a new, free tool that reveals what information of yours is available on the dark web and across the internet at large. The Digital Footprint Portal, released in April, provides free, unlimited scans for everyone, and it can serve as a strong first step in understanding what information of yours needs to be locked down.

