MSMEs told to practice basic cyber-hygiene

FILIPINO micro, small and medium enterprises (MSME) should practice basic cyber-hygiene to protect themselves against most cyberattacks, according to an industry expert.

“For MSMEs, basic cyber-hygiene begins with your business, especially if you have fewer than five people,” Samuel V. Jacoba, founding president of the National Association of Data Protection Officers of the Philippines (NADPOP), said on the sidelines of a recent BusinessWorld cybersecurity forum.

“Secure your devices by keeping your software basic. Software should be licensed,” he said, adding that system patching and software updates should be performed consistently once available, as these help fix critical security vulnerabilities.

About four in 10 cyberattacks in 2023 targeted small and medium enterprises (SME), according to a 2025 global report by BD Emerson, a US-based cybersecurity and consulting firm.

These attacks resulted in average total costs as much as $7 million for SMEs. The report also found that 60% of small businesses shut down within six months of a cyberattack, and 75% said they could no longer continue operations if hit by ransomware.

Global tech giant Microsoft Corp. said practicing cyber-hygiene prevents 99% of cyberattacks, adding that businesses should adopt these habits to safeguard themselves against threats and ensure continuous operations.

Microsoft said every organization should adopt stronger login protections such as phishing-resistant multi-factor authentication. It also recommended practicing a “Zero Trust” approach — assuming no system is safe until verified — by validating every transaction and asserting least-privilege access, among other measures.

Microsoft likewise advised using modern anti-malware tools to detect and block threats, keeping systems updated and protecting sensitive data through proper classification and access controls.

Apart from practicing proper cyber-hygiene, Mr. Jacoba said MSMEs should attend cybersecurity-related forums because these help them learn strategies to further protect themselves against cyberthreats.

Grounded in the desire to help MSMEs and organizations strengthen cybersecurity, NADPOP’s initiative CyberBayan, launched last year, will be relaunched this year.

The program aims to boost the country’s cybersecurity posture and digital workforce through online training covering topics such as data privacy, governance, risk and compliance.

“In 2026, we’re going hyperlocal,” Mr. Jacoba said. “We want to set up a nationwide network of local communities protecting, supporting each other and learning together how to safeguard our organizations.”

This year’s iteration will focus on MSMEs and organizations in Metro Manila, Central Luzon and Southern Luzon.

CyberBayan aims to train 1.44 million Filipinos over the next five years, helping boost the country’s cyber and digital workforce, he said in an earlier statement. — Edg Adrian A. Eva