How to protect your business against cybercriminals

The number of digital attacks has tripled in the last three years, yet 9 out of 10 small and medium-sized businesses are not adequately protected against digital threats. − All businesses are potential targets for cybercriminals, says security expert Thomas Dahl. 


Picture: Thomas Dahl, BDO

− Never before has it been more important to shield yourself against digital attacks, says Thomas Dahl, a security expert and partner at BDO. 

With over two decades of experience in combating cybercrime, Dahl has played a key role in establishing cybercrime units, including his work at Kripos. Today, he assists businesses in proactively preventing and effectively handling digital attacks. 
 

Small businesses are more vulnerable 

According to Dahl, the increase in the number of attacks is due, in part, to the fact that in recent years, there have been more areas that criminals can attack and exploit. 

− Remote work is an example, where the digital defence system is weaker. In essence, we are attacked in more ways, and through more methods than earlier, he says. 

The SME market is the most vulnerable. Microsoft's statistics show that more than 70 percent of registered data attacks are aimed at smaller businesses.

− Many may think that they are too small to be a target for cybercriminals, but that is a false assumption. We’re seeing an increase in automated attacks, where criminals systematically scan thousands of businesses and select the most vulnerable ones. A lot of SMEs are focusing less on IT security. They’ve also got fewer resources to protect themselves compared to large businesses. That’s why SMEs are more vulnerable to attacks, says Dahl. 

 

Attacks can be prevented 

According to Dahl, there are immediate measures that can be taken to improve cybersecurity.

− Rule number one for preventing attacks is keeping systems and software up to date at all times. New vulnerabilities keep emerging, which system providers try to patch by issuing updates. Ensuring that the business is up to date is an inexpensive way to reduce the risk of attacks, Dahl advises. 

The security expert also recommends that businesses minimize the use of administrator access and use two-factor authentication where possible.

− We've seen cases where criminals have acquired passwords and usernames on the dark web and used them to log into a company's email. If the business had used two-factor authentication, this would have been prevented. Working with security measures, the goal is to close as many loopholes as possible that criminals can exploit, says Dahl.

 

Test and practice 

To prevent data attacks, regularly testing your systems is a good way to keep ahead of the curve. 

This can be done by a company such as BDO, which attempts to hack into the company's systems to identify vulnerabilities.

− This gives you a good indication of how mature your IT security is, says Dahl. He also recommends keeping all employees updated on the existing threats.

− Raise awareness among employees and ensure they are aware of the risks the business may face. More than 90 percent of attacks occur through email scams and phishing, so employees need educating to recognize what a fake email looks like, he says. 

Lastly, Dahl advises all businesses to develop an emergency plan that employees are familiar with. When disaster strikes, everyone should know what to do. 

− Practice your emergency plans, and make sure your backup procedures are working. We know that 66 percent of those affected by ransomware pay the ransom. We never recommend paying, but if the business does not have a well-functioning backup, a ransomware attack could be the end, says Dahl.

 

Five steps for preventing digital attacks 

  1. Always keep systems and software up to date. 
  2. Do not grant administrator privileges to employees, and use two-factor authentication as a minimum precaution. This often prevents criminals from hacking into the company's systems.
  3. Regularly test the business's services and applications to check for vulnerabilities. 
  4. Ensure your employees are up to date and aware of current cyber threats. 
  5. Develop an emergency plan, conduct drills, and check that backup systems are functioning. 

 

The article was originally published on June 9, 2022.