Thank you for contacting us, we will respond as soon as possible!
Evert van de Beekstraat 1
1118 CL Schiphol
+31 (0) 20 799 1548
For small and medium enterprises, cybersecurity is an opportunity for taking advantage of the digital economy.
The cyber risks for entrepreneurs are diverse and range from paying ransom to regain access to their own files (ransomware) and the network, to the failure of production facilities, which endanger the continuity of the company.
The reality is that entrepreneurs face cyber threats and risks on a daily basis. A growing number of SME’s are part of the value chain in vital sectors and must defend themselves against cyber threats and invest sufficiently in cybersecurity.
The Digital Trust Center (DTC) in the Netherlands, has established a number of principles for secure digital business to help entrepreneurs to set up basic security. Entrepreneurs who follow these basic principles increase their digital resilience to cyber threats that can disrupt their business operations.
The basic principles are:
These principles are further explained below.
An inventory of the vulnerable components for cyber threats within your company consists of various components. You not only make an inventory of what equipment, software, network connections and data you have and what the vulnerabilities are, you also map the technical dependence on suppliers.
An inventory also forces you to think about what to do in the event of a cyber incident due to the manifestation of cyber threats.
Here you look at:
You determine the likelihood of a cyber threat occurring and the impact.This way you get a picture of the risks for your company.
Insight into risks makes it easier to increase resilience to cyber threats. Good insight into your risks means that you can make a well-considered choice as to where you can invest best in terms of measures and which risks you accept.
Should a cyber incident ever occur, the inventory will prevent you from missing out on something and it will become easier to distinguish between main issues and side issues.
If you want to better protect your house against burglars, you make an inventory of your most important possessions and where people can easily enter your house. It is also useful to think in advance who you should call in the event of a burglary.
Make a schedule for backups. You use a backup to restore data if it is damaged by, for example, a system error, incorrect storage or a virus. Or if the device on which they are stored is broken, lost or stolen, for example. But also if you have changed or added important files.
Disconnect backups from your network, keep them in a safe place and possibly encrypt the files for extra protection. Date the backups made so that the chance that you restore an infected backup is smaller and practice restoring a backup.
Equipment and software suppliers often choose default settings. All settings are also often installed in ‘on’ as standard. This is very handy for quickly and easily installing new stuff or getting internet access. But as an entrepreneur you are very vulnerable to cyber threats if you do not change these settings from the first use. You then open the door for unauthorized persons.
The use of standard settings creates the risk that equipment, software and network connections can be accessed directly from the internet. It is a second job for automated programs to track these systems online.
Cyber criminals can request or change the information stored in devices, software and networks. Depending on the type, the device can also be controlled remotely. Think of webcams and microphones that are served by a cyber criminal without your knowledge.
After delivery of your new house with standard locks, replace the cylinders of the locks so that you are better protected against burglars that often have the standard keys.
There are different types of firewalls. The two most common are:
Some routers include a firewall that can be used for network security. The possibilities for this vary per brand and model. Ask your internet provider or the router manufacturer about the options.
Manufacturers of equipment and software are constantly working to further develop their products. Updates bring the latest functionalities to the end users. Discovered vulnerabilities or better security are also offered via updates. So always install the most recent security updates immediately so that you are as secure as possible.
If your devices and software are up-to-date, your company has the least chance of viruses and you remain protected against the most current cyber threats and risks. This is because a virus uses vulnerabilities in older versions of devices and software.
Car manufacturers are constantly investigating how they can improve the security of their cars. If they find out that their airbags are insufficiently safe, they will call you to the garage to adjust the airbags. For your own safety it is better to have such an update performed.
Check whether devices and software are up-to-date. If not, install the most recent security updates immediately. Switch on automatic updates so that your devices and software will always run on the latest version. Occasionally producers also release a so-called “patch”. These are often minor updates that address a very specific problem. Also don’t forget to install this directly.
In order to minimize the chance of accidents and abuse, it is important that everyone inside and outside the company only have access to the systems that match the work and the period for which access is required. Extended access rights should only be given for those who need it.
By limiting and determining access rights per employee, you prevent people inside and outside your company from gaining access to systems and data that they do not need to perform their work.
In a hotel you want guests to be able to move freely between the different spaces and facilities in the hotel. However, you do not want them to be able to walk around freely in the kitchen with their access cards or to enter other guests’ rooms. Other restrictions apply to suppliers or hotel staff.
Ensure that the access rights are adjusted if someone (from the inside and / or outside) receives a new position or leaves the company. In the case of a sudden (non-voluntary) departure of a system administrator, this is especially important. This also applies if we work with, for example, a new supplier or accountant.
Not a day goes by or you hear or read something about (new) viruses that cause inconvenience and damage to companies. The collective name for all software with a deliberately malicious effect is malware.
Some malware is intentionally distributed to damage systems or equipment, to steal data or trade secrets, or, in the case of ransomware, one of the best known forms of malware, to extort money from entrepreneurs by taking hostage systems and releasing them if payment has been made.
There are various ways in which malware can access a computer, smartphone or network. A user can open an infected e-mail (or attachment), visit an incorrect website or open an unknown, infected file via, for example, a USB stick. Whichever way, the malware infects the software it is looking for and often spreads itself as an oil spill to other devices and / or users.
By taking adequate measures to protect yourself against the effects of malicious software, you prevent malicious persons and / or outside organizations from causing damage to your devices, software or data via “faulty software”. You also prevent that they can take control of your systems and what they only want to cancel after payment of “ransom”.
If someone rings the doorbell with a package while you have not ordered anything, then you do not just accept the package.
There are four ways to protect yourself against malware:
Use versions of applications that support sandboxing where possible. For example, most modern web browsers implement some form of sandbox security. A sandbox application is running in an isolated environment with very limited access to the rest of your device and network. In other words, your files and other applications are kept out of the reach of malware if possible. Sandboxing is therefore a good way to open programs and files that you do not trust.
Danny Onwezen is ceo of scyber and experienced consultant in the field of secure digital business for small and medium enterprises (SME’s). He will be happy to tell you more about the possibilities for improving your digital security and resilience.