The Covid-19 pandemic has forced many to work from home, but users are the weakest point of any network
For many small and medium-sized businesses (SMEs), digitisation of their organisation was not a priority before the Covid-19 crisis hit, due to cost factors and lack of immediate need. But as a result of the pandemic, some of these businesses have had to unexpectedly fast-track their digital transformation journey in order to survive. Limited experience in adopting new technology and its security, along with the massive shift to remote working due to lockdown, has made SMEs vulnerable to an increased threat of cyberattacks.
In a Bitdefender report on impact of Covid-19 on cybersecurity, 86% of infosec professionals believe that cyberattacks on organisations are on the rise, with most of these being phishing, ransomware and social media threats.
Cybercriminals use a variety of techniques, including phishing, distributed denial of service (DDoS) attacks, ransomware and many other forms of malicious malware to target SMEs, leading to devastating losses in business productivity and revenue — and reputational damage.
Data has value to hackers because it has value to a business, no matter what the size of the organisation. The key to good cybersecurity is to understand that threats are constantly evolving, which requires businesses to be vigilant. Businesses need to start taking a holistic approach to cybersecurity in the “new workplace” and take both preventative and disaster recovery measures into account.
While larger businesses may have more resources to dedicate to cybersecurity, many SMEs are still reticent to make huge outlays to prevent cyberattacks, especially in this time of uncertainty. A common misconception among SMEs is that cyber criminals would rather target more larger organisations than smaller entities with less assets. In fact, SMEs are easier pickings for hackers due to their lack of cybersecurity. As this can jeopardise a whole business structure, every SME need to make protecting their network a top priority.
Here are some cost-effective tips to help SMEs improve their cybersecurity:
Preventative
Employee training
One of the most effective cybersecurity strategies is to conduct regular and on-going awareness training to ensure employees can identify and avoid risky online behaviour.
User training and monitoring is extremely important, as users are often the weak point of a network. According to Microsoft, 40% of businesses are now looking to invest in security solutions, with self-help options to drive user efficiency and reduce the risk of costly breaches.
User policy changes
Implementing policies that limit users’ ability to install unauthorised software on work devices and requiring users to use multifactor authentication can go a long way towards protecting the business. Additionally, requesting that users employ a mobile security tool trusted by the organisation can minimise vulnerabilities.
Use smart security tools
Organisations can find multiple monitoring and anti-malware tools on the market that are competitively priced and can help protect an entire network. Cyber threats typically evolve faster than SMEs can keep up. Given this, it’s important to use the right security tools to secure your environment. A good security tool will have machine learning and artificial intelligence built in to improve detection rates. This includes mobile device management, such as Microsoft 365 and Gravityzone Advanced Business Security.
Consistent security updates
Companies should routinely perform software upgrades to ensure that the latest security patches are rolled out across the entire organisation, as these include security updates. For those small businesses without an IT division, partnering with a reseller that provides this service is an easy solution.
Disaster Recovery
Incident response plan
A disaster recovery system for business-critical applications is crucial to reduce the risk of an attack caused by downtime. This system should account for and understand all possible risks, and what exactly your business needs for its operations to continue at a minimum.
Back-up systems
Implementing a robust backup system can help to ensure that there is no loss of data, which can be costly, both monetarily and in loss of reputation. An increasingly popular way of backing up important data is to use a cloud-based offering, such as Acronis Cyber Backup, which can do this automatically and securely.
SMEs are important drivers of productivity in most economies. In South Africa, the SME sector employs 47% of the country’s workforce and contributes more than 20% to the country’s gross domestic product (GDP). Therefore, the key to a successful economy lies in successful small business. As cybersecurity breaches have the potential to close a business down permanently, SMEs need to ensure that not only do they have adequate security measures in place, but also built-in contingency plans in the event of a breach.
As the lockdown within South Africa has lifted to level 1, the important role that online platforms play in operations will continue for many businesses. It is essential that SMEs ensure they have put in place the required cybersecurity measures to protect their remote workers, networks and digital assets for the foreseeable future.
Elaine Wang is Rectron Cloud and Software Solutions Director