Pandemic lockdowns may subside, but phishing and cyberattacks will rage on: here are some tips for SMEs to keep safe.

Based on the latest statistics from Kaspersky, 834,993 phishing attempts against Small-Medium-sized Enterprises (SMEs) with 50-250 employees were detected in the first three months of 2020. This is a 56% increase compared with the same period last year, with just over 500,000 fraudulent attempts blocked.

In terms of per country statistics, all of the six countries in Southeast Asia had registered an increased number of fraudulent emails blocked by Kaspersky in Q1 2020 as compared with the same period last year.

CountryQ1 2020Q1 2019
Number of phishing attempts against SMBs blocked by Kaspersky

To further fend off the risk of phishing attacks, Kaspersky experts suggest the following tips for SMEs:

  • Educate your employees about cybersecurity
    Staff should be trained to not open or store files from unknown emails or websites as these could be harmful to the whole company. They should also not use any personal details in their passwords. In order to ensure passwords are strong, staff should not use their name, birthday, street address and other personal information.

    Regularly remind staff of how to deal with sensitive data, for example, to only store it in trusted cloud services that need to be authenticated for access and that the data should not be shared with untrusted third parties.

    Since the human factor plays an important role in this type of threat, Kaspersky has also launched a 20-30 minute free online course, which tackles how companies can secure their current remote working environment.
  • Employ a password-change policy to your employees
    Passwords protect all computers and other devices. Your IT security policy should cover strong password use; also set up a password-expiration policy to force users to change their passwords every 90 days.

    People must avoid logging-in to online banks and similar services via public Wi-Fi networks. Hotspots are convenient, but it is better to use a mobile connection or wait to get to a secure network than to lose all money on credit card or bank account intrusions. Open networks can be created by criminals who, among other things, spoof website addresses over the connection and thereby redirect you to a fake page.
  • Time use of patches, updates, and legitimate software
    Cybercriminals also tend to exploit vulnerabilities in software to compromise systems. For this reason, it is essential to set aside a time to run patches and updates that are regularly issued by software companies.

    SMEs should also use only legitimate software, to avoid falling prey to attackers targeting the security loopholes of pirated tools.
  • Install comprehensive security software across all your devices
    You need security on everything: servers, PCs, and other connected devices. Set it up to stay up to date and renew it on time. As emails are key communication platform for SMEs in Southeast Asia, Kaspersky is offering free six-month licenses for Kaspersky Security for Microsoft Office 365. This tool is an advanced, all-in-one threat protection for Microsoft Office 365’s communication and collaboration services. It curbs the spread of malicious threats including ransomware, viruses, Trojans, phishing, among others.