The importance for SMBs to have cybersecurity measures in place

A recent Interpol report has identified online scams, digital extortion, business email compromise, and ransomware as the most prominent cyber threats facing African companies today.

These risks will only increase as more organisations embrace digital channels to engage with their customers. Considering that internet penetration on the continent is less than 40%, there is significant potential for both business growth, equally, cyberattacks will also increase.

Events of the past two years have exacerbated these online dangers. There are even more vulnerable platforms for hackers to target due to those companies who have moved operations online during the pandemic.

Adding to this is the growing number of employees who use their personal devices to access work- related resources from public Wi-Fi and home routers. Working outside the relative safety of the corporate network has meant that companies and individuals have had to rethink how they adopt cybersecurity measures.

This is even more prevalent in small to medium businesses (SMBs) who cannot afford the financial and reputational damage caused by cyberattacks.

Cybersecurity structure essential

Cloud-based businesses, regardless of size or industry sector, cannot afford not to have a comprehensive cybersecurity structure in place.

A cybersecurity structure must also be set up and maintained effectively. If not, then the following risks can emerge:

• Misconfiguring cloud services that can result in security gaps.
• Insufficient credential management, leaving employees able to access sensitive files even if they are not allowed to.
• Lack of access management where employees might be able to use technology resources they are not supposed to.

These risks can quickly combine and spiral out of control creating significant headaches for companies with limited cybersecurity resources. Many SMBs do not have the luxury of having IT teams in place to manage these risks. Instead, they must rely on trusted service providers to do it for them.

Mitigating risk

Smaller companies are certainly more open to attack from malware, phishing attacks, and ransomware than their larger counterparts. The lack of a solid virtual private network (VPN) also contributes to the susceptibility of an SMB for compromise, especially when remote employees log into back-end systems.

For their part, larger organisations must deal with everything from password thefts, traffic interception, Zero Day exploits, Distributed Denial of Service attacks, and social engineering.

Managing costs

Despite these different forms of attack, every organisation requires the same cybersecurity best practices to protect networks, applications, devices, systems, and data. Affordability is often cited as a reason for not having comprehensive cybersecurity measures and operations in place.

As the cyberthreat landscape continues to grow, more companies are recognising the urgency to become proactive rather than reactive. Many small businesses who were hacked or suffered some sort of attack have closed their doors simply because they cannot afford to fix the damage to the business and its reputation.

Spending money on cybersecurity is something that must be seen as an investment and not a grudge purchase.

Bolstering defences

Companies can investigate the following options to strengthen their cybersecurity:

• Buying endpoint, server, network, cloud, and email security solutions.
• Taking out cyber insurance.
• Protection of data with role-based access control to restrict system access to unauthorised users.
• Implementing multi-factor authentication and VPNs as additional layers of security.
• Installing an automated remote backup and data recovery system.
• Encourage employees to install cybersecurity software on their mobile devices.
• Invest in a good cybersecurity awareness training programme to educate employees on best practice as well as how to identify cyberattacks.

The road ahead is not an easy one, but it is essential for companies to embark on the journey before it is too late.

Author: Ria Mey
Product Manager for Network
Security and Security at Itec
South Africa