10 Ways to Protect Your SMB Against Cyberwarfare

Pertinent global events and recent cyberwarfare have increased the fear of cyber-crime for small and medium-sized businesses (SMBs), irrespective of organisation size and industry. By taking the right steps now, you can protect your business from a severe and costly cyber incident.   

As a minimum defence, your business should follow these 10 proactive steps to protect your SMB against cyberwarfare: 

1. Train Your Staff

The most common way cyber criminals get access to your network is through your employees. Hackers will send fraudulent emails impersonating someone in your organisation or known and common suppliers. They often seem legitimate to an untrained eye and it’s easy to fall for the traps, which is why ongoing training is vital to maintain awareness. Gone are the days when you could spot the emails from the unknown foreign relative who left you his vast wealth; today’s phishing emails are sophisticated and often access systems in the background as soon as you open the links or attachments.

2. Use a Passphrase Instead of a Complex Password

For many systems, passwords are the sole form of authentication. Poor password complexity, including insufficient length or the inclusion of commonly used words, may allow an attacker to guess the password and gain unauthorised access to the system. Generally, the more complex the password, the more difficult it is for an attacker to guess. However, remembering a complex password is difficult. Instead, encourage users to use a passphrase rather than a password. A passphrase consisting of 3-4 words is easy to remember and a lot harder to hack (check out this short guide we have put together to find out what makes a strong password).

3. Enable 2/Multi-factor Authentication (2FA/MFA)

2FA (or MFA) can be viewed as one of the quickest yet most effective forms of cyber security. Adding it to your log-in puts an additional security layer between you and a potential attacker. For easy installation, we recommend using the Microsoft Authenticator app where possible, which is available for free on the app store.

4. Use Endpoint Protection

Endpoint security software protects workstations and servers and scans everything that happens on these endpoints. Ensure that you choose corporate endpoint detection and response (EDR) software and not just common antivirus software. It is easy to opt for a free or cheap version, but when it comes to endpoint protection it is important to choose a corporate EDR which can centrally push out security policies to all corporate workstations and servers.

5. Backup Your Data

Many companies have backups in the event of a corrupt database or a physical disaster, but often these backups are inadequate to recover from a cyber incident. In the event of a cyber attack, you need to have access to offline backups which malicious actors cannot encrypt. Always make sure you regularly test your incident response plan, including the recovery of backup data!

6. Keep Your Systems Updated

An essential part of cyber security, particularly during cyberwarfare, is regularly updating software so that it is always on the latest version (known as ‘patching’). Attackers will be relentlessly searching for outdated software that they can exploit to gain entry, and by regularly patching your systems (to fix any security vulnerabilities) you can reduce the risk of unauthorised access dramatically. Automated software ensures that this is done in the background and without delay.

7. Follow 'Least Privilege' Principles

‘Least privilege’ principles and policies are best practice for role-based access control. In its most basic form, least privilege ensures that employees only have access to the data and systems which they need to fulfil their role, including ‘user’ and IT ‘admin’ accounts. Ask: “Does this person need access to this?” If the answer is no, they don’t get access. ‘Least privilege’ makes it harder for a cyber-criminal to gain access to data, as only specific staff will have access rights to specific data.

8. Encrypt Data Where Possible

Encrypting data means that only parties with the right key can read and see that data.

Encrypting data both whilst it is moving around (in transit) and when it is at rest is an important step to make sure your data is safe.

As a result, encryption helps to protect private information by making it difficult for an attacker to read or access your information if they have a copy. 

9. Test Your Incident Response Strategy for Cyberwarfare

Practice makes perfect. You can never be truly prepared for an attack if you haven’t run through the steps of what this could look like for your business. By having an incident response team on-call in case of an attack and a contingency plan (including offline backups) in place for data recovery, you can be certain that if disaster strikes, you will be in safe hands. 

10. Zero Trust Security

Zero Trust is a key concept in cyber security. It assumes all new connections to the network are suspicious until authorised. Staff can’t connect new devices or install software without approval to ensure nothing malicious is uploaded to the network. By requiring user authentication to all systems and by closing off all unnecessary network access, companies ensure that there’s no ‘open door’ for malicious actors to gain access from the outside or inside the network. You should also ensure that you keep your ‘guest’ network separate from the corporate network to prevent malicious actors from ‘jumping’ across. 

If you have found this list useful, we would love to know! Or feel free to share this list with your friends and colleagues to help keep their data safe online. 

If you require assistance with any of the issues raised in this article, please don’t hesitate to get in touch with our cyber experts today. 
