Cyber Security Essentials for Small Businesses in UAE
In this article, we will discuss the 7 most essential cyber security controls for SMBs in UAE that will help them protect against cyber criminals accessing digital assets.
The methods hackers use are evolving and it is important to revisit your strategies to help mitigate your cyber risks.
1.Application control
Prevent the execution of malicious programs including .exe, DLL, scripts (e.g. Windows Script Host, PowerShell and installers).
Why: Malicious code is often contained in non-approved applications. Blocking these type of applications will prevent them running and infecting your systems.
2. Patch operating systems and applications
Patch all systems (computer and network devices) with high risk vulnerabilities as soon as possible. Always update to the latest operating system version and never use unsupported versions.
Adobe, Microsoft Office, Java and PDF viewers etc. Attempt to patch high risk vulnerabilities within 48 hours of patch release. Always update and use the latest version of applications.
Why: Security vulnerabilities in software applications are often exploited to run malicious code.
3. Application hardening
Configure web browsers to block Flash (ideally uninstall it), ads, and Java. Disable features that are not used or required in Microsoft Office (e.g. OLE), web browsers and other applications, such as PDF viewers.
Why: Flash, ads and Java are common ways to deliver and execute malicious code.
4. Configure Microsoft Office macro settings
Block macros from the internet and only allow vetted macros in ‘trusted locations’ with limited write access or use digitally signed trusted certificates.
Why: Microsoft Office macros are often used to deliver and execute malicious code.
5. Multi-factor authentication
Enable MFA for all users (where possible) to protect your online services, RDP, VPNs, SSH and other remote access methods.
Why: Multi-factor user authentication makes it harder to access online systems.
6. Restrict administrative privileges
Don’t allow users to use privileged user accounts on operating systems and applications. Validate the need for privileges based on user requirements.
Why: Administrator accounts have full access to everything. Restricting their use reduces the risk of them being hijacked or compromised.
7. Daily backups
Ensure new and modified data including software and configuration settings are backed up daily. Ideally retain, disconnected or offline for 3 three months. Regularly test restores should be performed.
Why: Ensures data and systems can be recovered following a cyber security incident.
Let us talk
These essential small business cyber security tips are globally recognised as key strategies in the fight against cyber crime.
For more information on how you can improve your cyber security, book a free consultation with one of our experts.