
7 DIY Steps to Secure Your SME

“It takes 20 years to build a reputation and a few minutes of cyber-incident to ruin it.”

~ Stephane Nappo (Global CSIO)

Today, the world is on high alert over the spread of a virus epidemic. It attacks your respiratory system and, if not taken care of immediately, can cause serious health issues, even death.

In a similar manner, cyber attacks and hacking can destroy a business in a very short time.

Small and Medium-sized Enterprises (SMEs) value their customers’ trust more than anything, and it can all be ruined if a hacker gains access to your systems. It is therefore worth investing some time in securing your website and your customers’ data.

The hacking statistics for 2019 were shocking. We have compiled some of them below:

  • 3% of cyber attacks were carried out for financial gain, and damages reached 6 trillion dollars (almost double the previous year’s 3 trillion dollars)
  • About 4000 cases of ransomware were found in action.
  • 1 out of 131 emails was malicious.
  • About 93% of data breaches occurred within a span of a few minutes, and of those, 83% went undiscovered for weeks.
  • 81% of data breaches occurred because of weak or stolen passwords.
  • Over 40% of attacks targeted small and medium-sized businesses.
  • More than 51% of companies admitted to having experienced DoS attacks.

Source: Everycloud.com

And this is only scratching the surface; you can read more statistics about these data breaches here.

Now that you know that ignoring your company’s cybersecurity can cost you dearly, let’s look at ways in which you can secure your company from breaches like these.

7 Ways to Secure your SME

Hackers only need to be lucky once; you need to be lucky every time.

Following the best Blue Team security practices can go a long way in securing your SME’s infrastructure and avoiding data breaches:


1. Periodic Vulnerability Scanning

A simple vulnerability scan is the first thing any hacker runs against your site. It scans the website or the network and reports any exposed data and any CVEs your infrastructure may be vulnerable to.

A vulnerability scanner will show where your site is weak and what hackers can exploit to gain unauthorized access.

If your website is built on a CMS like WordPress, Joomla or Drupal, you can check out Astra’s Security Suite, which provides an Application Firewall, Immediate Malware Removal, and Security Audit & Pentesting all under one roof.


Source: Astra Security

2. Hide Sensitive Data from Search Engines

Search engines like Google crawl every page of your site, including admin logins and sensitive data, and display them in search results. Hackers can then use simple Google dorks to find sensitive data on your site.

This is why you need to keep Google away!

To do so, simply edit the robots.txt file at the root of your site, or create one if you do not already have it.

Open your robots.txt file and add the following lines to it:

User-agent: Googlebot
Disallow: /directory/
Allow: /directory/really_cool_secret.txt

Now replace /directory/ with the directories you do not want Google to visit. For more information, you can read here.
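As an added example (not code from the original article), the following Python evaluator applies the robots.txt rules above with Google’s precedence, where the longest matching rule wins, so you can check what Googlebot may fetch before publishing the file. It assumes the snippet shown above as its sample input; remember that robots.txt is publicly readable and only advisory, so sensitive pages still need real authentication.

```python
"""Evaluate robots.txt rules the way Googlebot does (longest matching rule wins).

Note for defenders: robots.txt is fetched by anyone, so it keeps well-behaved
crawlers out but does not protect a page; protect sensitive paths with a login.
"""

# Constructed sample: the robots.txt snippet from the article above.
ROBOTS_TXT = """\
User-agent: Googlebot
Disallow: /directory/
Allow: /directory/really_cool_secret.txt
"""


def parse_robots(text):
    """Return {user_agent: [(directive, path), ...]} in file order.

    Consecutive User-agent lines share one group, as the robots.txt format allows.
    Wildcards (* and $) inside paths are not handled in this simplified parser.
    """
    groups, current, last_was_agent = {}, [], False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments and whitespace
        if ":" not in line:
            continue
        key, value = (part.strip() for part in line.split(":", 1))
        key = key.lower()
        if key == "user-agent":
            current = current + [value.lower()] if last_was_agent else [value.lower()]
            groups.setdefault(value.lower(), [])
            last_was_agent = True
        elif key in ("allow", "disallow"):
            last_was_agent = False
            for agent in current:
                groups[agent].append((key, value))
    return groups


def is_allowed(groups, agent, path):
    """True if the agent may fetch path: the longest matching prefix wins,
    Allow beats Disallow on a tie, and no matching rule means allowed."""
    rules = groups.get(agent.lower(), groups.get("*", []))
    best = None                                      # (prefix length, directive)
    for directive, prefix in rules:
        if not prefix or not path.startswith(prefix):
            continue                                 # an empty Disallow allows everything
        if best is None or len(prefix) > best[0] or (
            len(prefix) == best[0] and directive == "allow"
        ):
            best = (len(prefix), directive)
    return best is None or best[1] == "allow"
```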

3. Always Create Backups

I cannot stress this point enough: ALWAYS BACK UP YOUR SITE.

Backups may seem a little redundant when everything is running smoothly. Their real value is realized after a hack, when all your data has been corrupted by the attackers and you have no reliable backup to revert to.

Hence, we recommend a weekly backup system, although a monthly backup may also work if you are a small company.

You can back up your site either manually or using third-party support such as cPanel or a plugin. To back everything up manually, you can use the Linux utility rsync.

Source: Wikipedia

Follow these steps to back up your site with rsync over SSH:

  1. Log in to the server with SSH.
  2. Install rsync with:

sudo apt-get install rsync

  3. Run the following command (note the double dash: --delete removes files from the backup copy that no longer exist in the website root, so the copy stays an exact mirror):

sudo rsync -av --delete /website-root/ backup/

  4. Run the following command to create a zip file:

zip -r backup.zip backup/

4. Get SSL Encryption

This is not for your site’s protection but for your customers’ protection when they log in or access data on your site. TLS encryption protects the data in transit from interception by attacks such as Man-in-the-Middle or phishing attacks.

Thus getting an SSL certificate builds your customers’ trust in your site and company, benefiting the company’s reputation in the long run.

5. Manage Access Controls

Broken access control is the most commonly exploited class of bug used to gain higher privileges on your website. It is therefore important to configure the privileges of your user accounts wisely.

Here are some recommended practices to follow while assigning privileges to user accounts:

  • Remove all inactive or outdated user accounts and login sessions
  • Assign only the privileges each user account strictly requires
  • Give guest accounts the bare minimum of privileges

6. Bid Adieu to Weak Passwords

No matter how secure your website is, a hacker will get in if you are using weak or common passwords. Following good password practices on your website can go a long way in protecting your site.

It is also recommended to teach your staff good password practices and to use a password manager such as Bitwarden, Passbolt or LastPass. A password manager makes it easy to use long, complex passwords across your sites.

A few recommended password practices are listed below.

  • Create a unique password with a minimum length of 12 characters, using capitals, numerals and special symbols.
  • Do not use one password in more than one place. Use Bitwarden’s random string generator to create a long, complex password.
  • Avoid using personal details such as your phone number or date of birth in your passwords.
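To make the three practices above checkable, here is an added Python example (not from the article or from Bitwarden) that reports which rule a password breaks, including personal details hidden among the characters and reuse across accounts, and that generates a password from the operating system’s CSPRNG in place of a password manager’s generator. The personal-detail and reuse inputs are constructed for the example.

```python
"""Password checks for the practices listed above (added example, not from the article)."""
import secrets
import string

ALPHABET = string.ascii_letters + string.digits + string.punctuation


def _alnum(text):
    """Lower-case and keep only letters and digits, so '1990-05-14' and '19900514' compare equal."""
    return "".join(ch for ch in text.lower() if ch.isalnum())


def check_password(password, personal_details=(), used_elsewhere=()):
    """Return the list of policy violations; an empty list means the password passes.

    personal_details: strings such as a phone number or date of birth that must not appear.
    used_elsewhere: passwords already used on other accounts (e.g. from the manager's vault).
    """
    problems = []
    if len(password) < 12:
        problems.append("shorter than 12 characters")
    if not any(ch.isupper() for ch in password):
        problems.append("no capital letter")
    if not any(ch.isdigit() for ch in password):
        problems.append("no digit")
    if not any(ch in string.punctuation for ch in password):
        problems.append("no special symbol")
    normalized = _alnum(password)
    for detail in personal_details:
        needle = _alnum(detail)
        # Only flag details long enough to be meaningful (avoids matching "1" or "ab").
        if len(needle) >= 4 and needle in normalized:
            problems.append(f"contains personal detail {detail!r}")
    if password in used_elsewhere:
        problems.append("already used for another account")
    return problems


def generate_password(length=20):
    """Generate a random password from the OS CSPRNG, as a password manager's
    generator does (this stands in for Bitwarden's feature; it is not Bitwarden code)."""
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not check_password(candidate):      # retry until every rule is satisfied
            return candidate
```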

7. Train your employees in security principles

The weakest link in any organization’s security is its people. Hackers can trick your employees into handing over their passwords; this technique is called social engineering.

Since your staff is also a target that can be compromised for unauthorized access to your site, educating your staff about these issues can go a long way in protecting your site from data breaches and cyber threats.

Above, we discussed how poor security on your website can wreak havoc on your business. Implementing these seven methods can protect your site from these cyber threats and instill trust in your client base.

Hopefully these tips will help protect your SME in the future.

If you liked the article share it with your friends on social media 🙂
