Cybersecurity looks complex, but for most SMEs the issue isn't sophisticated attacks: it's the basics. Phishing that works because everyone uses the same password everywhere. Ransomware that encrypts everything because there's no real backup. Compromised accounts because there's no two-factor authentication.
After regaining control of a dozen compromised infrastructures in 3 years, I can say with certainty that 80% of the incidents I've seen would have been prevented by four simple actions, cheap and quick.
1. Real (and tested) backup
Backup is your insurance against ransomware. Without it, you get hit, pay, pray. The rules of real backup:
The 3-2-1 rule
- 3 copies of data
- 2 different media (e.g. NAS + cloud)
- 1 off-site copy (physically separated)
What to back up
- Database (nightly + archived weekly)
- Shared files (Drive, SharePoint, NAS)
- Email (especially if it's your CRM)
- Server and cloud service configurations
What ISN'T a backup
- Sync (Dropbox, OneDrive): delete or encrypt a file locally and the cloud copy is deleted or encrypted too
- RAID: if an attack encrypts files, RAID faithfully mirrors the encrypted files
- Admin panel screenshots
An untested backup doesn't exist
At least once every 3 months: take a backup, restore it to a test environment, and verify it works.
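As an added example (not code from the original article), here is a small shell drill for that quarterly check: it takes a tar backup with a sha256 manifest, restores it into a scratch directory (never over production), and verifies every file. It also shows why the manifest check matters, using constructed sample data under a temporary directory and a simulated in-place overwrite of the live files, which is exactly what a sync folder or RAID mirror would faithfully copy.

```sh
#!/bin/sh
# Added example: a backup + restore drill on constructed sample data.
set -eu

WORK="$(mktemp -d)"
SRC="$WORK/live"      # stand-in for the production data
BK="$WORK/backup"     # stand-in for the separate backup medium

# Constructed sample data: a small "database" export and a shared file.
seed_sample_data() {
  mkdir -p "$SRC/db" "$SRC/share"
  printf 'id,name\n1,alice\n2,bob\n' > "$SRC/db/customers.csv"
  printf 'quarterly figures\n' > "$SRC/share/report.txt"
}

# Take a backup: tar archive plus a sha256 manifest recorded at backup time.
make_backup() {
  mkdir -p "$BK"
  tar -C "$SRC" -cf "$BK/data.tar" .
  (cd "$SRC" && find . -type f -exec sha256sum {} + | sort) > "$BK/data.sha256"
}

# The restore drill: extract into a scratch directory and check every file
# against the manifest. Returns 0 only if the backup restores intact.
restore_drill() {
  scratch="$(mktemp -d)"
  if tar -C "$scratch" -xf "$BK/data.tar" 2>/dev/null \
     && (cd "$scratch" && sha256sum -c --quiet "$BK/data.sha256" >/dev/null 2>&1); then
    echo "restore drill: ok ($(find "$scratch" -type f | wc -l) files verified)"
    rm -rf "$scratch"; return 0
  fi
  echo "restore drill: FAIL - do not trust this backup"
  rm -rf "$scratch"; return 1
}

# Simulate ransomware: every live file is overwritten in place with junk.
simulate_ransomware() {
  find "$SRC" -type f -exec sh -c 'head -c 32 /dev/urandom > "$1"' _ {} \;
}

# Simulate a silently damaged archive (failing disk, interrupted copy).
corrupt_backup() {
  truncate -s 100 "$BK/data.tar"
}

seed_sample_data
make_backup
restore_drill          # healthy backup: verifies
simulate_ransomware
restore_drill          # live data is gone, but the archive still restores it
```

Run the corruption step afterwards and the same drill reports FAIL, which is the whole point of testing before you need the backup.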