How to protect your business against cybercrime

One in 5 entrepreneurs, large and small, encounters a cyber incident every year. For example, you accidentally fall for a phishing message and share your data with a criminal. Or you suddenly can't open your files and programmes because of a computer virus. Where do you start with digital security? With these tips from the Digital Trust Center (DTC), you can get started right away.

Working cyber-safely can be done in many ways. What you secure and how you secure it differs from one business to another. You can find out what is important specifically for your business with a cyber scan. There are also security points that almost every entrepreneur needs to think about. Yet almost one in five small businesses did nothing about digital security in 2023 (in Dutch). Get started on a cyber-safe business. You can easily implement these seven actions yourself.

1. Make a Back up

Limit the damage of a cyber incident with a good backup. Make one or more copies of your business data. Keep at least one backup in another place. Think a safe or at your home. Do you have an IT service provider who takes care of this for you? Then ask for an overview of your copied company data at regular intervals. That way you know exactly what and how it is backed up.

2. Use multifactor authentication

Prevent someone else from accessing your account with multifactor authentication. Multifactor authentication is also called 2-factor authentication, two-step verification, or in short 2FA or MFA. It works like an extra lock on your account. You log in not only with your password, but also, for example, with your fingerprint, or a code you receive via SMS or an app. Enable this at least on your business email account and your most important business applications.

3. Turn on automatic updates

Software updates often include security updates in addition to user improvements. Hackers actively search for vulnerabilities in outdated software. So, do not wait to update your software and turn on automatic updates. In addition to your computers, think about tablets, phones and smart devices. This way, you will be protected against harmful computer viruses, or malware.

4. Use antivirus software

Install antivirus software and make sure it stays up-to-date. Do this on all computers and servers in your business. Such a software programme detects and removes digital threats. In addition, the software alerts you to suspicious e-mails and websites. Using an antivirus programme also indirectly protects the devices of, for example, your customers and suppliers. Many viruses penetrate your e-mail programme and spread via your e-mail traffic with others.

5. Check your e-mail security standards

Check the security of your e-mail address via internet.nl. On this website, you can find out whether your domain name, the part after the @ sign, uses security standards. And which ones they are. Does your domain name not use security standards? Ask your IT service provider how to improve it. With good security standards, cybercriminals cannot misuse your identity to send spam such as phishing.

6. Recognise phishing

Phishing is a major danger to any business. With this form of digital scam, fraudsters trick you with fake e-mails, fake QR codes and fake SMS or WhatsApp messages. Make sure your employees recognise phishing. Practice, for example, with the online phishing quiz (in Dutch). Or start a phishing test in cooperation with an IT service provider.

7. Create an offline call list

Suddenly unable to access your files? A cybercriminal may have installed ransomware. Make sure contact details of important partners are printed out. Because looking up a phone number in your system is impossible if you have been hacked. On the call list, put the details of, for example, an IT service provider, software supplier and a cybersecurity company that will help you in case of problems. Use DTC's sample call list (pdf, in Dutch).

Hacked, now what?

Have you been hacked? The Hackhelpdesk website (in Dutch) tells you what to do. Call in a cyber security expert if you need help with follow-up actions. Even if you doubt whether you have been hacked, such an expert can help you. After a hack, always report it to the police (in Dutch) and also report it to the Fraud Helpdesk (in Dutch). They provide information and tips on current fraud to citizens and businesses.