Top 10 security best practices for SMBs

October 2013 Information Security

Cybercrime in South Africa is increasing at epidemic proportions and small to medium businesses have turned into key targets for cyber-criminals. Small businesses rarely recover from cyber-attacks, but there are some very simple steps you can take to protect your business.

Doros Hadjizenonos
Doros Hadjizenonos

Doros Hadjizenonos, sales manager at Check Point South Africa highlights his top 10 security best practices for the South African SMB space.

1. Common passwords are bad passwords

Passwords are your first line of defence when it comes to security. Cybercriminals trying to break into your network will start their attack by trying the most common passwords. Ensure your employees and users are using long (over eight characters), complex (include lower case, upper case, numbers and non-alpha characters) passwords.

2. Secure every entrance

All it takes is one open door to allow a cybercriminal to enter your network. Just like you secure your home by locking the front door, the back door and all the windows, think about protecting your network in the same way.

* Ensure strong passwords on laptops, smartphones, tablets, and WIFI access points.

* Use a firewall with threat prevention to protect access to your network.

* Secure your endpoints (laptops, desktops) with security software such as anti-virus, anti-spam and anti-phishing.

3. Segment your network

A way to protect your network is to separate your network into zones and protect the zones appropriately. One zone may be for critical work only, where another may be a guest zone where customers can surf the Internet, but not access your work network.

4. Define, educate and enforce policy

Actually have a security policy (many small businesses don’t) and use your threat prevention device to its full capacity. Spend some time thinking about what applications you want to allow in your network and what apps you do not want to run in your network. Educate your employees on acceptable use of the company network.

5. Be socially aware

Social media sites are a gold mine for cybercriminals looking to gain information on people, improving their success rate for attacks. Attacks such as phishing, spearphishing or social engineering all start with collecting personal data on individuals.

6. Encrypt everything

One data breach could be devastating to your company or your reputation. Protect your data by encrypting sensitive data. And make it easy for your employees to do so.

7. Maintain your network like your car

Your network, and all its connected components, should run like a well-oiled machine. Regular maintenance will ensure it continues to roll along at peak performance and hit few speed bumps.

* Turn on automatic updates where available: Windows, Chrome, Firefox and Adobe.

* Use an Intrusion Prevention System (IPS) device like the Check Point 600 Appliance to prevent attacks on non-updated laptops.

8. Cloud caution

Cloud storage and applications are all the rage. But be cautious. Any content that is moved to the cloud is no longer in your control. And cybercriminals are taking advantage of weaker security of some cloud providers.

* When using the cloud, assume content sent is no longer private.

* Encrypt content before sending (including system backups) and check the security of your cloud provider.

* Don’t use the same password everywhere, especially cloud passwords.

9. Don’t let everyone administrate

Laptops can be accessed via user accounts or administrative accounts. Administrative access allows users much more freedom and power on their laptops, but that power moves to the cybercriminal if the administrator account is hacked.

* Don’t allow employees to use a Windows account with Administrator privileges for day-to-day activities.

* Make it a habit to change default passwords on all devices, including laptops, servers, routers, gateways and network printers.

10. Address the BYOD elephant in the room

Start with creating a bring-your-wwn-device (BYOD) policy. Many companies have avoided the topic.

* Consider allowing only guest access (Internet only) for employee owned devices.

* Enforce password locks on user owned devices.

* Access sensitive information only through encrypted VPN.

* Don’t allow storage of sensitive information on personal devices (such as customer contacts or credit card information).

* Have a plan if an employee loses their device.

For more information contact Check Point South Africa, +27 (0)11 319 7267, doros@checkpoint.com, www.checkpoint.com





Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Cybersecurity needs actual intelligence before artificial intelligence
Information Security AI & Data Analytics
Cybersecurity depends on interpretation. A tool can tell you that something unusual has happened, but people need to determine whether it is a genuine risk, the business impact, and how to respond without causing unnecessary disruption.

Read more...
Duxbury Cybersecurity sharpens reseller offering
Duxbury Networking Information Security News & Events
Duxbury Networking has strengthened its Duxbury Cybersecurity business unit by adding WatchGuard and Cynet, giving South African resellers broader, more integrated coverage for the security risks customers are now asking them to address.

Read more...
NEC XON detects and stops ransomware attack
NEC XON Information Security IoT & Automation
Ransomware attacks rarely begin with chaos. More often, they start quietly, with probing, mapping, and patient reconnaissance inside a target’s network. That was the situation facing a global recruitment firm when cybercriminals attempted to navigate its systems.

Read more...
Sara AI Pentesting available in South Africa
Information Security News & Events
Synack and Wolfpack Information Risk are offering Sara AI Pentesting to organisations across South Africa, helping companies move from point-in-time testing to continuous security validation with AI and human expertise.

Read more...
Sophos establishes South African legal entity to strengthen local operations
News & Events Information Security
Global cybersecurity company, Sophos, has announced the formation of its local legal entity, which will support local invoicing, partner enablement, compliance requirements and expanded regional investment.

Read more...
Cybersecurity in a digitally connected security industry
SA Technologies Information Security IoT & Automation
As more organisations move towards digital visitor management, cloud-based access control, mobile applications, biometric verification, and connected security platforms, cybersecurity must be viewed as part of the full security environment.

Read more...
Enterprises must prepare for digital conflict
Information Security
Cyberattacks can be launched remotely and at scale. A coordinated attack launched from anywhere in the world can disrupt supply chains, shut down utilities, or expose millions of customer records within minutes.

Read more...
71% of organisations suffered an identity breach
News & Events Information Security
The State of Identity Security 2026 report from Sophos finds human error and poor non-human identity management are the root causes of most attacks, as agentic AI accelerates the risk.

Read more...
Cyber resilience is the real defence
Security Services & Risk Management Information Security Infrastructure
Cyber resilience has evolved into a form of strategic agility, ensuring that when an interruption occurs, the business does not just survive; it snaps back into place before the market even notices a pause.

Read more...
You will not get your files back with VECT
Information Security
If the newbie to the ransomware scene, VECT, comes knocking at your organisation’s door, do not pay the ransom! The decryption keys simply do not exist. They were discarded at the moment of encryption by the malware itself.

Read more...










While every effort has been made to ensure the accuracy of the information contained herein, the publisher and its agents cannot be held responsible for any errors contained, or any loss incurred as a result. Articles published do not necessarily reflect the views of the publishers. The editor reserves the right to alter or cut copy. Articles submitted are deemed to have been cleared for publication. Advertisements and company contact details are published as provided by the advertiser. Technews Publishing (Pty) Ltd cannot be held responsible for the accuracy or veracity of supplied material.




© Technews Publishing (Pty) Ltd. | All Rights Reserved.