Businesses targeted by hackers, how to protect against frequent cyber attacks?

Written by Dragana Ilić, president of the Alliance for eGovernment at NALED

Small and medium-sized businesses, which make up almost 99.5% of the domestic economy and participate with more than 51% in GDP, are often the target of hacker attacks and that is why the application of preventive measures such as backups, installing antivirus software, updating the operating system and applications, data encryption and use of strong passwords is key to reducing the risk of cyber attacks.

These are the results of the Guide "Information Security Guidelines for Small and Medium-Sized Enterprises" which was created within the project "Strengthening information security". The project is carried out by NALED and the company TAG international, supported by the British Embassy in Belgrade. Although awareness of the importance of data protection is growing, thereby preventing losses, most SMEs apply less rigorous measures than necessary.

According to the data of the Republic Institute of Statistics, only around 40% of companies encrypt data, documents and emails, while only 13% of small ones have an assessment of the risk of hacker attacks and every fourth medium-sized enterprise. Antivirus programs are used only by a third of small businesses and less than half of medium-sized companies. More than one method of protection is rarely applied to access emails and other sensitive data. Less than a fifth of small enterprises and 40% of medium-sized enterprises employs specialists in the field of information and communication technologies.

It is impossible to prevent all cyber attacks and there will certainly be some, but it may be possible to stop some or most of them and prepare to minimize the consequences. Employees are the first line of defense. who need to be aware of the importance of their data security, both in business and in private life. Only by proactive protection companies can minimize the risk of theft of money, intellectual property, data.

Strong passwords and multi-factor authentication (email, SMS, OTP) should be used and secure internet browsers, and in public places it is mandatory to turn off the bluetooth connection, avoiding the use of open wireless networks and the careful and limited sharing of personal information, especially on social media.

In IBM Security`s regular annual hacking reports, it is stated that as much as 30% of the total number of incidents were recorded on European soil, while the average amount of damage caused by data leakage is about 4.88 million USD, including lost businesses. In more than 30% of cases, the cause of data leakage was an attempt to steal personal data through emails, SMS messages and even phone calls or passwords stolen or otherwise compromised. Motives for cyber attacks, in addition to money and identity theft, can also be disabling work and damaging the company`s reputation.

In small and medium-sized enterprises in Serbia, the awareness of the risks that exist when using the Internet is not sufficiently developed, or they are consciously neglected due to lack of funds and human resources. Serbia should soon receive an improved Law on Information Security, which will be aligned with new European directives. One of the main novelties is that all companies which operate in areas such as energy, transport, banking and health, will be obliged to check the compliance of their systems with the intended protection measures against cyber attacks at least twice a year.