Small and medium-sized enterprises: here’s how they can defend themselves from hackers

The cybersecurity experts of Sapienza University of Rome and the Cini Laboratory have drawn up a 15-point vademecum for SMEs

When we talk about technology, our thoughts immediately turn to information security, especially because of the continuous hacker attacks, which now hit any kind of target. Companies and institutions, which hold valuable confidential information, are particularly affected.

The digitalization process in the industrial field has, as some cybersecurity experts point out, increased the risks. Always-connected devices are, in fact, potentially hackable, and in some cases the effects can be dramatic. Consider, for example, what would happen if a hacker were able to control and operate at will a device used in the workplace. It is therefore necessary to pay particular attention to the security of all devices with Internet access. This is especially true for small and medium-sized enterprises, which are often not very careful about investing in cybersecurity.

Low investment, high economic damage

Not focusing on cybersecurity has a negative impact on the budget of SMEs. Companies would have to pay on average 175 thousand euros in 5 years to face the damages caused by IT attacks. These figures are significantly higher than the annual investments: 7,800 euros for the small company and 19,800 for the medium-sized company. This is what emerges from the "2016 Italian Cybersecurity Report - essential cybersecurity controls", a report produced by the Research center of cyber intelligence and information security of the Sapienza University of Rome and by the Cyber Security National Lab of the National Interuniversity Consortium for Informatics (CINI).

The vademecum for SMEs

The report, which was presented on March 2 at the Aula Magna of the Rectorate of Sapienza University in Rome, sets out in 15 points how to protect oneself from hackers and is mainly addressed to small and medium-sized enterprises. Here is the list from the vademecum.

First point: check all devices, software, services and computer applications used in the company. Secondly, check whether the third-party web services you have registered with are really necessary.

Thirdly, identify the information, data and systems that are critical to your business so that they can be protected.

Fourthly, appoint a person to coordinate the management and protection of information and systems.

The fifth point focuses primarily on governance: you must find and comply with the cybersecurity laws and regulations that are applicable to your company.

Sixth point: you must check that all devices have up-to-date security software (antivirus, anti-malware).

The seventh, eighth and ninth points focus on password management, authentication systems and accounts. Passwords should always be different for each account and never shared with others. It's also important to consider whether the service provider offers more secure authentication systems.

The tenth point discusses training and awareness of staff, who need to be able to handle all business tools and to understand any cybersecurity threats.

In the eleventh and twelfth points, the report focuses on data protection, and here thoughts turn to ransomware. It is essential to make regular backups of all the information and data that are important to the company. It is also necessary to change the default access credentials of systems.

The thirteenth point deals with networks, which must be protected from hackers with the right tools (firewalls).

The report closes with prevention: should a hacker attack occur, it is the staff with cybersecurity expertise who must step in. It is also essential to keep all software in use up to date.
