Small & medium sized organizations


Why cybersecurity is important?

Small and medium-sized enterprises base their activities on information systems and the Internet. Using it not only has many benefits, but it can also bring many risks to your business. Criminals may infect your devices with malware (malicious software) and steal personal data or money or trick your employees into doing something they would not usually do. Therefore, everyone should provide minimum security measures to ensure the safety of devices such as computers, laptops, tablets, and smartphones. On this page you will find 5 basic rules to protect your organization against cyber threats.

No security measure gives 100% certainty that we will not become a victim of the attack. Security measures are designed to make the attack more difficult for attacker and to induce him to resign.

5 rules to protect your organization

1. Backup data

Step 1: identify data that is most important in your organization

Determine for what period of time the data is necessary for you (could be 1 week, 2 month, 6 month etc.), on the basis of this determine the frequency of performing data copies in your organization.


Such changes include for e.g. computer reinstallation, update of key software, changes made to applications.

This should be understood as saving backup on dedicated hard drives, network drives, or data storage in the cloud.

Step 5: encrypt data that contains confidential information.

2. Protect devices from malware

Step 1: install antivirus program on all devices

Step 2: systematically update the antivirus software and every other software installed on the computer devices

Most popular operating systems have a built-in option to turn on the firewall, check with your system supplier.

3. Manage access

Develop access management rules in your organization to prevent unauthorized access to assets.

Strong password should contain characters from various categories – upper and lower case letters, numbers, special characters.

To-factor authentication is an extra security measure which consist on two pieces of evidence (factors) to an authentication such as password and a code send over SMS or face ID or fingerprint.

Remembering passwords for many accounts is very difficult, so recommend your employees to use a password manager – these are simple applications that can store passwords for all created accounts.

A default password is a standard password created by manufacturer of a device , so called pre-configured password. Changing default password should be done before distribution of devices to the employees. If you do not change them, they can cause a cyber threat.

Limit remote access to systems to the necessary minimum. Take care of safe communication of remote access, e.g. connecting to the network with the use of VPN(Virtual Private Network).

Step 7: employees should not have an access to an administrator account.

4. Secure physically devices

Most popular operating systems have a built-in option to turn on the firewall, check with your system supplier.

Step 2: manage access to your company’s premises to avoid the appearance of unauthorized persons

Step 3: make aware employees to never leave the device unattended, especially in public places

Permanently delete data from the device that you want to throw away.

5. Protect against phishing

Work with CDA

We can help you to build cybersecurity in your company.

Visit our website

Stay up-to date with the CDA’s advisories relating to cyber security matters affecting the Togolese Republic and Africa.