As Australian businesses and SMBs start to formulate their budgets for FY18, ESET is underlining the importance of security irrespective of their business size.
However, SMBs are more likely to underplay security's importance, particularly around reaction and response.
The company says that SMBs need to understand threats and draw on expertise from IT departments, ensuring the FY18 protects all aspects of the business.
ESET senior research fellow Nick FitzGerald says, "“Irrespective of business size, it’s critical to have a broad reach across the whole organisation with a cohesive cybersecurity solution, and more importantly, a response and reaction plan".
The company says that even cyber insurance firms are starting to get tougher on security requirements. Recent cases have not looked favourably on 'we had firewall and antivirus but still got hacked' cases, suggesting that businesses now need much more.
Cyber insurance policies tend to cover requirements that can, at a minimum, ask for competency across process, logging and monitoring so that businesses are covered when breaches occur.
ESET says that for some businesses who have those kinds of protections, cyber insurance is a good option. If not, businesses should consider upping their security so they're actively preventing threats and covered if breaches occur.
The company also says that there are three areas SMBs and businesses should focus on: Security, reliable backup and talent.
Security: Comprehensive endpoint security software that offer extra, interoperating levels of security. Anti-malware is also recommended.
Reliable backup: Backing up systems at regular intervals is crucial. Keep one backup on offline storage at all times. Also ensure backup systems are working properly.
In addition, it can take a long time to deploy patches and system software updates, but it will save businesses in the long run. Turning on automatic updates can help this process.
Managed service providers should also check what system update policies apply to their systems and consider their applicability.
Talent: Training employees to identify threats and investing in talent is the best way to maximise current assets, ESET says.
Move beyond compliance to training systems and encourage them to become the change to better defend themselves and their company. using real-world examples of threats and threat protection can help them in the workplace - and at home.
ESET says a team doesn't need to be a collective cybersecurity expert, however a good understanding of the warning signs to look out for and having procedures in place that emphasise the importance of reporting will go a long way.