
Why SMEs are [virtually] leaving the front door open for cyber criminals

17th September 2019

Are you careful about keeping your front door locked and garage securely closed? Do you switch the home alarm on at night before dozing off? Yep, we thought so. Crime is an ugly reality that we all have to face daily, and most South Africans are extremely cautious and vigilant about their home security. Pity that the same cannot be said for internet and data security…particularly given the fact that current cybercrime statistics are just as shocking as ‘physical’ crime stats!

Not convinced?

The global Cyber Exposure Index ranks South Africa sixth on the list of most-targeted countries for cyberattacks, while PwC’s 2018 Global Economic Crime Survey ranked cybercrime as the second most frequently reported type of fraud (and identified it as the most disruptive and serious economic crime expected to impact organisations in the next two years). Now, this is where we can hear small business owners and home-based professionals mutter to themselves, ‘ah but I’m a small fry…hackers have no reason to target me, I wouldn’t be on their radar.’ Are we right?

Thought so, and this is why your approach is so wrong! Hackers are well aware that SMEs and home users don’t have the same IT security resources as their bigger counterparts, which makes them easy targets. Furthermore, many of today’s cyberattacks are automated (and there is no hooded hacker with a funny accent sitting in a dark room focused on you…instead, millions of infected emails are being spammed into the World Wide Web every minute of every day). So, if someone within your business (and obviously on the network) clicks on what they think is a legitimate attachment to an email, they’ll unwittingly allow malware – often in the form of ransomware – to run. In fact, Cybersecurity Ventures predicts that a business will fall victim to a ransomware attack every 14 seconds this year, and every 11 seconds by 2021. For the uninitiated, ransomware is a type of malicious software, or malware, designed to deny access to a computer system or data until a ransom is paid.

Sadly, while SMEs and home users spend scarce resources on electric fences and security guards, they invest next to nothing in IT defenses and data security (and leave themselves shockingly vulnerable to crimes that can cripple the business with one dodgy link!).

Rethinking Your ‘Security’ Equation

Now that you’ve been sufficiently scolded, we hope that your next move (after that soothing cup of tea) will involve giving your IT setup a rethink! Yes?

The smartest approach (in our nerdy opinion) is always a proactive one. Moreover, IT and data security is not a quick, one-off box to tick. It requires a thoughtful and professional strategy, as well as continuous ‘maintenance’ and double-checking (yes, just like your traditional or physical security systems!).

As a fundamental guideline, every business should adopt a ‘layered security’ approach to its IT system and user network [*see infographic]. This is a gradual and systematic approach that is made up of many layers. When properly and professionally executed, it creates a robust system of defense that is effective in mitigating the severe risks that cybercrime presents today.

Of course, every home and business has a budget to operate within, so we do understand that resources have to be managed. That said, we do strongly suggest that you try to implement every layer detailed below (each layer is equally important!) to keep the business, its employees, and its data, safe:

  1. Endpoint Security: Only use licensed software, and keep all software up to date! This will ensure that security flaws and “back doors” are controlled and patched by the creators of the software. Use a reputable anti-virus and make sure that all devices on the network have robust anti-virus protection.
  2. Education & User Guidance: Proactively educate and train all users and employees to ensure that they understand the cyber risks (and the importance of adherence to rules). Training should help users to identify and avoid threats. In addition, implement professional policies and procedures around data security that govern how data is stored, shared and used within the network.
  3. Network Security: Hardware such as firewalls and other tools that manage access to IT infrastructure are critically important and cannot be overlooked.
  4. Contract Support: In many instances, businesses now require 24/7 helpdesks and IT support to properly address crises such as data breaches and ransomware attacks.
  5. Server and/or Hosted Security: Use internationally recognized cloud platforms such as Microsoft’s Office 365 to house and control your email, document collaboration, and data repositories. Microsoft continually upgrades and invests in spam filtering, phishing detection, and other cyber attack defenses.
  6. Disaster Recovery: Something will go wrong eventually; with the support of your IT partner, have a plan in place that will mitigate risk, reduce business downtime and get systems back up (with data accessible) in a timeframe that is suitable and affordable.

Stay Compliant

While your business or home network might not have suffered a data breach or attack to date, it is sadly just a question of ‘when’ (not if!) you will be targeted. You simply cannot afford to ignore the risks, no matter how tough the current economy may be! Indeed, business owners also have to consider the legalities around data protection, with new legislation such as PoPI (SA’s Protection of Personal Information Act) and Europe’s GDPR presenting severe penalties for entities that do not comply.

So the next time your house alarm goes off (or when you hear those armed guards investigating next door’s alarm), let it be a sharp reminder to check your IT security and make sure that your virtual front door is secure!

One Comment

  • In many cases that’s because while they had all of the right defenses, such as anti-virus, malware detection, encryption, and firewalls, they did not have in place the right systems and processes to deal with an actual attack and its aftermath. It’s like putting a guard at the front door to ward off bank robbers without giving him or her training on what to do in the event of an actual robbery! In the case of a business it usually means that they do not have a fully redundant system for accessing their applications and data, both live and online as well as regular offline backups stored in multiple onsite and offsite locations. Stop and think about it. If your ecommerce system, web site, email, or customer data was suddenly inaccessible because of an attack would you be able to get back up and running within minutes, hours, or days, or at all?
