The consequences of a cyber attack can be huge. The recent attack on the city of Antwerp proved that. After an attack by the hacker group Play, several city services were down for weeks. Last year, 1 in 8 Flemish companies fell victim to a cyber attack, according to a report by Vlaio. The study found that small SMEs in particular do not adequately arm themselves against cyber attacks.

But critical infrastructure such as hospitals, police departments and cities are also increasingly interesting to hackers, often for geopolitical reasons. In addition, they are also more likely to be able to force these agencies to pay. For one thing, hackers encrypt all data, rendering agencies wingless. And on the other hand, they steal confidential data such as identity cards, patient records or, as was the case recently with the police in Zwijndrecht, also flash fines with addresses and personal data. The theft of confidential data often gives agencies no choice but to pay anyway.

According to Koen Jacobs, managing partner at SecWise, it doesn’t have to go that far. In just five steps, most companies can arm themselves against a cyber attack. He lists below five important security tips that every company should follow:

• MFA

Although MFA or Multi-Factor Authentication has been around for several years, many organizations are still not using it. However, it is a simple and fairly inexpensive way to better secure identities within your company. Most employees also know the system from their personal lives, where it is often used to log into social media. By implementing MFA, you reduce the chances that phishing emails can do damage. By 2023, the number of phishing attacks will only increase. Hackers will no longer send emails, but increasingly turn to text messaging, whatsapp and social media. So make sure your business is prepared for this.

• Awareness

The second important step, is to raise awareness among your employees. Do that on a regular basis, and keep the topic alive within your organization. This can be done through posters at the coffee machine or training sessions and workshops. But specialized firms can also test your employees to see how susceptible they are to phishing messages via email, social media or their smartphones. This gives you immediate insight into how susceptible your company is to a phishing attack.

• Vulnerability Management

Within cybersecurity, you’re never done. New leaks or security threats pop up every day. Make sure all your applications are up-to-date, and install the necessary security patches on time. By doing so, you reduce the risk of an attack. On the dark web, forums are full of such vulnerabilities, and it has become a business in itself. In 2023, this will only increase. Work out an update policy for your company, and don’t be surprised.

• Detection and protection

An antivirus program is fairly standard for businesses, and most will also already have endpoint security installed. That’s additional security on laptops or smartphones, for example. But meanwhile, there is also XDR: Extended Detection and Response. By protecting and monitoring the various systems of e-mail endpoints, cloud workloads and networks through a combination of security components, one gets a higher level of protection but also a better view of how digital security is doing, and can intervene faster in the event of a possible attack.

• Be alert

As a company, you can have excellent security and still fall victim to a cyber attack. Therefore, make sure you establish a cyber disaster recovery plan. Assume the worst possible scenario. Establish a sequence of actions and make sure the right people are informed. Also provide backups of the various systems you use, and store them in different places. Are you still working through on-prem servers? If so, back them up in the cloud as well. That way you avoid your backup becoming inaccessible during an attack.

Even with small things like MFA or solid vulnerability management, you can already secure your business well. These are small steps that have little impact on the operation of your organization, and also cost relatively little. Yet they already make it much more difficult for hackers to get to your confidential information documents.