As cyber criminals become more sophisticated and confident, we are starting to see more high profile cyber breaches make headlines. However, with much attention placed on large-scale cyber incidents, we often forget that Small and Medium Enterprises (SMEs) are especially vulnerable to cyber-attacks.
According to the Allianz Risk Barometer 2018, cyber incidents are the most prevalent business concern for South African businesses for the third year in a row. This is even more of a concern for SMEs who tend to have less IT security, thus are more likely to be exposed to these attacks.
Further statistics from The National Small Business Chamber (NSBC) show that SMEs make up 52% of South Africa’s GDP and are expected to create 90% of new jobs by 2030, the ramifications of cyber-attacks on SMEs can be hugely damaging not only to the organisation but to the local economy as a whole.
Here’s why SMEs are especially vulnerable to cyber incidents and how best they can protect themselves:
Take a proactive approach to cybersecurity
SMEs are under pressure to pay suppliers, track inventory, manage staff, all whilst trying to make a profit. With small business owners wearing multiple hats, they may not be able to prioritise cyber security. However, as businesses are more dependent than ever on technology, protecting data should be a part of their business strategy and not a “nice to have”, no matter the size of the business.
Many cyber incidents are not detected by the victims themselves – they are identified by third parties, and by then most of the damage has already been done. This highlights the need for automated incident response systems to detect and block attacks.
Since cyber criminals are resourceful and will always find a loophole, security must be approached holistically. A combination of endpoint security to protect common endpoints e.g. computers, smartphones and routers, along with employing a multi-cloud strategy offers greater levels of security. For instance, running a production application in one cloud platform and maintaining a separate backup in a separate cloud environment, provides disaster recovery, another crucial aspect of resilience. At a bare minimum, SMEs should consider implementing password management, email security and a firewall within the network.
Internal protection is just as important as external protection
As many high-profile data leaks have shown us, it’s not enough to only protect against external cyber risks. Internal data leaks are happening more regularly, whether as a result of human error or intentional. These data leaks may not have large consequences when they first occur but may make a business vulnerable to cyber-crime in the future.
As important as it is for small business owners to be educated on how to protect their business from cyber-crime, it means very little if their staff are not equally as careful and clued-up. Staff need to be aware of the warning signs of an attack and be able to identify phishing emails, unsecure email attachments and understand the importance of something as seemingly simple as a strong password. All staff need to be carefully trained on a regular basis
It is no secret that small business owners experience a range of challenges, this is besides juggling many tasks to keep business afloat. Cyber criminals and data leaks should however be the least of your problems and this can only be done once you have implemented the right security and protection for your business. It is important to note that partnering with an IT expert that can help detect, protect and respond to cybersecurity threats, will ensure that they aren’t adding a cyber intrusion to the load.
By Jeremy Capell, Executive of Cyber Resilience at Internet Solutions