Cybersecurity in 2023: the ultimate checklist for SMEs

In Switzerland and around the world, cybercrime is on the prowl, threatening your IT security. Organizations of all sizes need a cybersecurity plan in 2023. For small and medium-sized enterprises (SMEs), the need is even greater, as cybercriminals have increasingly turned their attention to smaller organizations in recent years. This is evidenced by the fact that incidents targeting companies with fewer than 1,000 employees will increase by almost 200% by 2022.

Luckily for you, you're in good hands! EVOK has put together the ultimate checklist for solidifying your cybersecurity in 2023. To this end, our blog post will focus on risk areas and opportunities for improving the security of your operations.

Which threats jeopardize your cybersecurity?

Before we get to the checklist, it's important to understand what dangers you're facing. For SMEs in particular, here are some of the cybersecurity threats in 2023:

1. Ransomware. A type of malware that encrypts a victim's data and demands a "ransom" to restore access to files and the network.
2. Phishing. This is a type of social engineering. It aims to trick users into bypassing normal cybersecurity practices and disclosing sensitive data such as usernames and passwords, bank account information, social security numbers, credit card details, etc.
3. Incorrect firewall configuration or absence: There's no need to demonstrate the importance of the firewall to your cybersecurity in 2023. Correct configuration and maintenance of your firewall are essential to your network's security.
4. Your employees can be the weak link. Lack of investment in resources translates into a more lax environment. Most employees still use easy-to-guess passwords to access company accounts. Some are unable to spot the danger signs in attacks.

The checklist to solidify your cybersecurity in 2023

Define strict password policies

Strict criteria for employee passwords will prevent unwanted access. Try the following to establish and maintain strong password policies:

• Use multi-factor authentication (2FA) for enhanced account protection.
• Require organization-wide password changes on a regular basis, or when a data breach occurs.
• Prohibit employees from sharing their login details.
• Use password generators to guarantee password complexity.
• Use encrypted password managers to store passwords securely.
• Require employees to use different passwords for each account.

E-mail restrictions

Email is one of the most common points of entry for cybercriminals and malware. The first step is to choose the right e-mail hosting provider. If you're based in Switzerland, you should opt for an e-mail tool that's hosted entirely in Switzerland. If you are, for example, a municipality, a nursing home, a medical practice or a financial institution, you need to comply with the Swiss Data Protection Act (Art. 18 al. 1 LPrD). EVOK offers you Hosted Exchange® hosting, 100% Swiss and under Swiss law, with replication on a geo-cluster in our Fribourg and Lausanne datacenters.

And don't forget to use spam filters, message encryption and antivirus software to prevent threats from reaching their targets.

Multiple layers of protection

Also known as multi-security or defense-in-depth (DiD), the idea here is to adopt a layered approach to security with intentional redundancies - so that if one system fails, another immediately takes its place to prevent an attack. Maintaining multiple layers of protection includes the following:

• Use antivirus software and run scans after software updates.
• Install firewalls and intrusion protection systems on your network.
• Use a virtual private network (VPN) to secure your company's Internet traffic.
• Analyze all your company's data to detect suspicious behavior.

To find out more about network security, take a look at ourIT audit offer.