Skip to content

Trending tags

Endpoint Protection & InfoSec Awareness – Cyber Security Basics for SMEs

F-Secure Global

05.06.18 4 min. read

Cyber security is a business-critical priority for all modern companies. Period.

Big and small, or anywhere in between: you need to keep your data and devices safe. Losing your production capability, intellectual property or just straight up cash is not something anyone can brush off easily. Let’s not even get started on customer data – the GDPR is finally here, and the playing field has changed for good.

The point is: you don’t want to get breached.

Although cyber attacks directed against larger businesses are behind most news headlines, SMEs are actually some of the most popular targets for skilled hackers and run-of-the-mill criminals alike.


Simply put, they’re the perfect mark. There’s not as much investment in security, a lower degree of general IT awareness and a decreased chance to run into a dedicated cyber security professional.

In other words: it’s easier to pull off a successful operation, and you’re not likely to suffer many consequences if you fumble an attempt. Bullies always pick the little guy.

The stats surrounding SMEs and cyber attacks are pretty damning:

– 61% of all data breaches involved businesses with a headcount of less than 1,000

– An average data breach costs a small business 36,000$

– There are approximately 100 million new malware samples discovered each year

These figures are on the rise, too. As long as more and more hackers acquire the relevant skill set, there’s no end in sight. Make no mistake: it’s not about if you’ll get attacked, as much as when.




What to do?

It’s simple: get ready.

Don’t worry – we’re not talking about anything extreme here. If you’re designing websites or selling clothes for a living, it doesn’t make much sense to become a cyber security pro on top of your regular job.

But you do need to get the basics right.

Endpoint protection

In terms of concrete investment, you should be looking into a comprehensive endpoint protection (EPP) solution that covers all your devices from Windows computers and Macs to iOS and Android devices.

This is it – the famous “antivirus”. Except nowadays even the simplest software package is so much more.

Endpoint protection is the most basic security measure for modern businesses, but it will block the majority of the attacks coming your way. On top of total device coverage, your solution should have:

– central management = deploy security across all your devices in one go, and manage everything through a single portal (It’s like magic!)

– proven protection capabilities = look for test results from trusted third parties (This is a situation where it’s better to go with the most reasonable choice, instead of the coolest, most sci-fi sounding option)

– patch management and mobile device management = patch your software automatically and control your mobile devices (Spend less time micromanaging updates and skip the full-blown panic when you lose your phone)

– ransomware protection = increase your resilience to ransomware, and recover your data in case of a successful attack (Save your tears for something better! Get it?)

– mobile VPN = prevent man-in-the-middle attacks, and work safely from insecure Wi-Fi networks (Travel worry-free and take full advantage of Starbucks’ Wi-Fi)

Sounds like a lot, but good endpoint packages include all of the above (have a look!).

To keep things simple, a cloud-based solution is your best bet.

Think like a hacker

Pretty extensive, right? Unfortunately, this doesn’t cover everything. Despite great EPP, there’s still some things you need to be responsible for.

Attacks utilizing social engineering tactics, spearphishing and password exploitation continue to grow in popularity, and these are more difficult to stop without investments in more advanced security products.

The budget solution? Vigilance and awareness. More specifically:

– use strong (preferably randomly-generated) passphrases, and store them in a reliable password manager (it’s great if your endpoint package has it already!)

– familiarize yourself with the basics of operations security or OpSec (here’s a handy guide created by our ethical hackers!)

– Stay up-to-date on the latest cyber incidents and security developments – follow people on Twitter, and read relevant blogs and news sites (subscribe to the newsletter, and we’ll keep you posted!)



Don’t Be an Easy Target

That’s it. This is the groundwork. It’s a good idea to also invest in more advanced solutions, but this is the stuff that’ll give you a solid security baseline.

In the end it comes down to this: most attackers are normal criminals. They’re looking for easy money, which translates into easy targets.

So, you should aim to do better than your neighbors. Invest in the basics, and turn yourself from a sheep into a wolf.

Actually, I’ll flip that: be the third little piggy in the brick house instead of a bungalow made of hay or sticks.

You won’t be untouchable by any means. But when the big bad wolf looks around the neighborhood for easy prey, you’ll be the last one on his list.

F-Secure Global

05.06.18 4 min. read


Leave a comment

Oops! There was an error posting your comment. Please try again.

Thanks for participating! Your comment will appear once it's approved.

Posting comment...

Your email address will not be published. Required fields are marked *

Highlighted article

Related posts

Newsletter modal

Thank you for your interest towards F-Secure newsletter. You will shortly get an email to confirm the subscription.

Gated Content modal

Congratulations – You can now access the content by clicking the button below.