Story image

FY18 is here: ESET's guide to top cybersecurity investments for SMBs

03 Jul 17

As Australian businesses and SMBs start to formulate their budgets for FY18, ESET is underlining the importance of security irrespective of their business size.

However, SMBs are more likely to underplay security's importance, particularly around reaction and response.

The company says that SMBs need to understand threats and draw on expertise from IT departments, ensuring the FY18 protects all aspects of the business.

ESET senior research fellow Nick FitzGerald says, "“Irrespective of business size, it’s critical to have a broad reach across the whole organisation with a cohesive cybersecurity solution, and more importantly, a response and reaction plan".

The company says that even cyber insurance firms are starting to get tougher on security requirements. Recent cases have not looked favourably on 'we had firewall and antivirus but still got hacked' cases, suggesting that businesses now need much more.

Cyber insurance policies tend to cover requirements that can, at a minimum, ask for competency across process, logging and monitoring so that businesses are covered when breaches occur.

ESET says that for some businesses who have those kinds of protections, cyber insurance is a good option. If not, businesses should consider upping their security so they're actively preventing threats and covered if breaches occur.

The company also says that there are three areas SMBs and businesses should focus on: Security, reliable backup and talent.

Security: Comprehensive endpoint security software that offer extra, interoperating levels of security. Anti-malware is also recommended.

Reliable backup: Backing up systems at regular intervals is crucial. Keep one backup on offline storage at all times. Also ensure backup systems are working properly.

In addition, it can take a long time to deploy patches and system software updates, but it will save businesses in the long run. Turning on automatic updates can help this process.

Managed service providers should also check what system update policies apply to their systems and consider their applicability.

Talent: Training employees to identify threats and investing in talent is the best way to maximise current assets, ESET says.

Move beyond compliance to training systems and encourage them to become the change to better defend themselves and their company. using real-world examples of threats and threat protection can help them in the workplace - and at home.

ESET says a team doesn't need to be a collective cybersecurity expert, however a good understanding of the warning signs to look out for and having procedures in place that emphasise the importance of reporting will go a long way.

What MSPs can learn from Datto’s Channel Ransomware Report
While there have been less high profile attacks making the headlines, the frequency of attacks is, in fact, increasing.
Cisco expands security capabilities of SD­-WAN portfolio
Until now, SD-­WAN solutions have forced IT to choose between application experience or security.
AlgoSec delivers native security management for Azure Firewall
AlgoSec’s new solution will allow a central management capability for Azure Firewall, Microsoft's new cloud-native firewall-as-a-service.
How to configure your firewall for maximum effectiveness
ManageEngine offers some firewall best practices that can help security admins handle the conundrum of speed vs security.
Exclusive: Why Australian enterprises are prime targets for malware attacks
"Only 14% of Australian organisations are continuously training employees to spot cyber attacks."
Exclusive: Why botnets will swarm IoT devices
“What if these nodes were able to make autonomous decisions with minimal supervision, use their collective intelligence to solve problems?”
Bitdefender announces security integration with Kaseya
The new partnership will allow VSA by Kaseya’s cloud and on-premises users to deploy and manage security with Bitdefender Cloud Security for MSPs.
Why you should leverage a next-gen firewall platform
Through full lifecycle-based threat detection and prevention, organisations are able to manage the entire threat lifecycle without adding additional solutions.