Transform your SME with cyber resilience by following ENISA’s advice
The digital transformation of SMEs, so necessary to compete in digital markets, is underway. Digital commercial exchanges require security to be reliable. Therefore, to survive in these markets we must be prepared to overcome possible cyber incidents. On the one hand, we must take the necessary precautions to maintain the availability of the systems that support our activity and, on the other, those necessary to offer sufficient guarantees of integrity and confidentiality to buyers and suppliers. But this is not enough; we not only have to do everything necessary to prevent incidents and know how to react to them, but also to resist them and recover as quickly as possible, learn from mistakes and continue to offer the market our product or service.
In this article, we echo a joint publication by ENISA, the European Union Agency for Cybersecurity, and the computer emergency response team for the European institutions, CERT-EU. Its title in English is Boosting your organization Cyber Resilience.
This publication, motivated by the continuous increase in the level of threat, consists of a list of good practices that all types of organizations are encouraged to follow in a committed and systematic manner. They are confident that they will help to substantially improve the level of cybersecurity and increase resistance to possible attacks.
Do you dare to apply them?
Score one point for each of the ones you already follow and plan to complete the rest in less than six months.
Verify that remote access to our corporate services uses multi-factor authentication (MFA).
This includes VPNs, external corporate portals or extranets, or web-based email access (e.g., Outlook on the web or Exchange Online). But beware, they recommend avoiding SMS and voice calls as a second factor to deliver one-time codes as much as possible, as they can be spoofed. Instead, they encourage the use of spoof-resistant tokens, such as smart cards and FIDO2 (Fast IDentity Online) security keys, whenever possible.
Ensure that employees do not reuse passwords and encourage them to use multi-factor authentication (MFA) whenever possible (for example, on their social networks).
It is common for cybercriminals to break into our systems by carrying out attacks with stolen credentials, i.e. username and password, obtained from data breaches or leaks. This type of attack is possible because some users use the same credentials for different services, for example: email, social networks or to access the backend of the web portal. Therefore, we are reminded that we should never reuse passwords. As a preventive measure, we can check if our passwords are in any known data breach and if so, change them immediately on all sites where they have been used. Whenever possible, it is recommended to use a password manager.
Check that all software is up to date
Priority should be given to updates that address known vulnerabilities, as these may already be actively exploited. They recommend that this be part of a vulnerability management policy that includes an obligation to install high and critical severity patches as soon as possible. And do not forget to check that they have been fully applied, for example, if the system must be rebooted after installation. They also encourage us to update, as regularly as possible, our personal home equipment: computers, smartphones, tablets, connected devices such as televisions, video game consoles and routers.
Monitor our networks and systems to prevent third-party access.