You are here

Recommendations for small and medium sized enterprises against cybercrime

09/08/2022 07:43

The biggest cybercrime problems faced by Cypriot small and medium-sized enterprises (SMEs) in the last 12 months were phishing, account takeover or impersonation attacks (16%), higher than the EU average (11%) and viruses, spyware or malicious software (excluding ransomware) (8%) at a rate lower than the EU average (14%), according to a report by the European Commission's Directorate-General for Home Affairs (DG HOME) published in May, based on the results of a Eurobarometer conducted in November-December 2021 on "SMEs and Cybercrime".

The most common way in which SMEs fall victim to cybercrime is scams and frauds (52%) with a rate that is the highest in the EU and almost double the European average of 28%, and password cracking (24%) which is the 5th highest rate in the EU where the average is 19%.

In a press release the Digital Security Authority recommends the following to all businesses:

- Beware of emails from unknown senders as well as check correctness of the email address even if the sender of the email is known. Do not open attachments or links received from unknown senders.

- Have appropriate anti-virus software installed, capable of protecting their entire network range and equipment.

- Do not disclose passwords either by telephone or by any electronic means.

- Passwords must be more than 12 characters long and contain a combination of capital letters, small letters, symbols and numbers. 

- Passwords should be changed frequently.

- Use password verification (also known as two-factor authentication), adding an extra layer of security to the account in case of password theft.

- Institute control and backup and recovery procedures.

A similar survey on cybersecurity issues in business had been carried out on a national level by the Digital Security Authority in cooperation with the Cyprus Chamber Of Commerce and Industry.

The survey aimed, among other things, to assess the needs of businesses with a view to planning cybersecurity training seminars.