Digital assaults are escalating in their severity and menace.
In the rapidly evolving digital landscape, small and medium-sized enterprises (SMEs) are increasingly becoming targets for cyber-attacks. A recent survey reveals that only one in five medium-sized companies follows best practices for weekly backups and secure storage, and an alarming 79% believe they are doing enough for their IT security [1]. However, the CEO of GDV warns that the SME sector is underestimating the risk of cyber-attacks [2].
Ransomware attacks pose a critical threat to SMEs, with the potential for data loss or ransom demands. Human error, such as falling for phishing attacks, accounts for approximately 85% of data breaches. Inadequate backup strategies, outdated software, and insufficient data access controls further compound these issues [3].
To combat these challenges, the Cyber Secure initiative and recent GDV surveys emphasize the importance of implementing resilient, layered backup solutions together with strong security practices [4]. Here are some recommendations for SMEs to improve their backup and IT security:
- Adopt the 3-2-1-1-0 backup rule: Maintain three copies of data, on two different media, with one copy offsite, one immutable or air-gapped backup, and zero recovery errors verified by periodic testing. Immutable backups prevent ransomware from altering or deleting backup files.
- Regular automated backups: Run them ideally daily and store them securely offsite (cloud or hardened repositories) to ensure data availability.
- Backup verification and malware scanning: Verify and scan backups before recovery to ensure data integrity and avoid reintroducing threats.
- Separation of control planes: Keep production environments, backup infrastructure, and security controls on separate control planes to limit the impact of a compromise, following zero trust principles.
- Employee training: Train staff in cybersecurity awareness, such as recognizing phishing, because human factors are a major breach vector.
- Implement Multi-Factor Authentication (MFA): Enable it for critical systems to block 99.9% of automated attacks.
- Encrypt sensitive data: Encrypt it both in transit and at rest to protect confidentiality.
- Keep software, firmware, and systems fully patched and updated: Include IoT and peripheral devices to close known vulnerabilities.
- Limit access to sensitive information using the least privilege model and role-based access controls: Regularly review permissions to reduce internal risk.
- Establish an incident response plan: Detail roles and communication procedures for breach containment and recovery.
- Utilize hybrid backup solutions: Combine on-premises and cloud components for balanced performance, cost, and security in line with compliance requirements (such as GDPR or industry-specific regulations).
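The 3-2-1-1-0 rule from the list above can be checked mechanically against a backup inventory. The following is an added example, not part of the original article: the inventory entries and field names are constructed, and it assumes the production copy counts as one of the three copies and that a single backup may satisfy both the offsite and the immutable/air-gapped requirement.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class DataCopy:
    name: str
    medium: str                           # e.g. "disk", "tape", "object-storage"
    offsite: bool
    isolated: bool                        # immutable or air-gapped
    is_backup: bool = True                # False for the production copy
    restore_errors: Optional[int] = None  # last restore test; None = never tested

def check_32110(copies):
    """Return {rule part: [findings]}; an empty list means that part passes."""
    backups = [c for c in copies if c.is_backup]
    f = {"3": [], "2": [], "1-offsite": [], "1-isolated": [], "0": []}
    if len(copies) < 3:
        f["3"].append(f"only {len(copies)} copies, need 3")
    media = sorted({c.medium for c in copies})
    if len(media) < 2:
        f["2"].append(f"all copies on one medium: {media}")
    if not any(c.offsite for c in backups):
        f["1-offsite"].append("no backup is stored offsite")
    if not any(c.isolated for c in backups):
        f["1-isolated"].append("no backup is immutable or air-gapped")
    for c in backups:  # "0": every backup must have a clean restore test
        if c.restore_errors is None:
            f["0"].append(f"{c.name}: never restore-tested")
        elif c.restore_errors > 0:
            f["0"].append(f"{c.name}: {c.restore_errors} errors in last restore test")
    return f

def compliant(copies):
    return not any(check_32110(copies).values())

# Constructed inventories (hypothetical names, assumptions for illustration).
WEAK = [
    DataCopy("file-server", "disk", offsite=False, isolated=False, is_backup=False),
    DataCopy("nas-nightly", "disk", offsite=False, isolated=False),
    DataCopy("cloud-sync", "object-storage", offsite=True, isolated=False, restore_errors=0),
]
FIXED = [
    WEAK[0],
    DataCopy("nas-nightly", "disk", offsite=False, isolated=False, restore_errors=0),
    DataCopy("cloud-locked", "object-storage", offsite=True, isolated=True, restore_errors=0),
]

if __name__ == "__main__":
    for part, findings in check_32110(WEAK).items():
        print(part, "PASS" if not findings else f"FAIL {findings}")
```

The weak inventory meets the classic 3-2-1 parts but fails the two added digits: no backup is immutable or air-gapped, and one backup has never been restore-tested.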
These combined practices form a comprehensive defense that enhances SMEs' resilience against cyber threats and data loss, reducing the risk and impact of breaches and ransomware. Regular testing of backup and recovery processes is essential to confirm readiness in the event of a cyber incident [1][2][4][5].
Despite these concerns, 70% of surveyed companies consider the risk to their own company to be low [1]. However, the reality is that SMEs are particularly vulnerable due to their complacency and should do much more to protect their IT systems [2]. A staggering 27% of those surveyed have already been victims of a cyber-attack [1].
In conclusion, SMEs must prioritize their IT security and data backup strategies to mitigate the risks of ransomware attacks and other cyber threats. By implementing the recommended practices, SMEs can significantly reduce their vulnerability and enhance their resilience in the face of these challenges.
[1] Source: [Survey on IT Security in SMEs]
[2] Source: [GDV CEO's Warning]
[3] Source: [Common Issues in SMEs]
[4] Source: [Recommendations for SMEs]
[5] Source: [Importance of Regular Testing]
- Implementing resilient, layered backup solutions, strong security practices, and the recommended strategies can help small and medium-sized enterprises (SMEs) combat challenges and reduce vulnerability to ransomware attacks and other cyber threats.
- Neglecting IT security and data backup strategies can leave SMEs particularly vulnerable to cyber-attacks, as shown by the increasing number of such attacks on these businesses.