How to protect your business from cybercrime on a budget

Small business owners know that it is important to protect their businesses from cybercrime, but the main challenge for them is that their budget does not always allow them to get all the bells and whistles that they are told will be required to keep the criminals out.

Many small businesses also think they are too small or obscure to become victims of cybercrime, but according to estimates by the Council for Scientific and Industrial Research (CSIR) cybercrime costs the South African economy R2.2 billion annually, primarily from targeting individuals and small businesses.

Cyber criminals are opportunists, like a mugger waiting in a dimly lit street.

“Criminals most often choose their targets based on security weaknesses. They use automated scripts and bots to sniff out companies with poor security and then find a way in. Some criminals specialise in only breaching, while others prefer stealing data or extracting payment from victims,” says Gerhard Swart, CTO at cybersecurity company, Performanta.

“The most common attitude I encounter at a breached company is ‘why me?’. The owners often think it is personal, that they were targeted for specific reasons. There are definitely reasons that make a target more appealing to criminals, but in almost all cases, companies were attacked because their security was lacking. It is as simple as that: the bad guys found a gap and exploited it. Therefore, it is logical to make your business as unattractive a target as possible.”

How do you go about making your small business unattractive to online criminals? Swart says it is the same logic as securing physical areas: make it complicated by creating numerous obstacles, such as security software and services, but also staff training and basic security hygiene.

ALSO READ: Listen: Four tips to protect your small business against cybercrime

However, these measures cost money and skills, which cash-strapped businesses struggle to afford but there are ways to get ahead of the bad guys and put those obstacles in their way, such as:

Basic cybersecurity training for owners

Good business owners and managers need a diverse range of knowledge and they do courses on other skills, such as bookkeeping, labour rights and industry trends.

“Do the same for cybersecurity: there are many cheap courses that give a good foundation in cybersecurity fundamentals. Visit services such as Udemy or LinkedIn Learning for options. Also, check with local business and professional groups to see if they offer cybersecurity courses or advice.”

Train staff proactively to prevent cybercrime

Swart says businesses can have excellent security, but they will become a target if their staff is not prepared. On the other hand, a company with weaker security but alert staff can be harder to breach than what security technologies can achieve on their own.

“People are both the weak spot and strongest countermeasure. Help to educate them by sending them on some courses. Find employees who will champion security and spread good habits and above all, use collaboration, not punitive measures. Scared employees are not as effective as invested employees.”

ALSO READ: Nine cybersecurity predictions for 2023 that’ll keep business owners up at night

Ensure you have a plan

If your house catches fire, do you know what you will grab when you escape the blaze? If you anticipated a fire, you would likely put all your valuable documents in one place for easy extraction. Swart says the point is that when trouble hits, you do not have time to make plans.

“Create a security process plan. Identify your most important assets, such as customer information and mitigate risks by having backups and procedures to get those assets back online. Also designate people for roles, such as who will lead emergency triage, clean-ups and investigations.”

Establish security basics

Many companies fall victim to online crime because they did not cover the basics, but Swart says some policy can clear that up.

“Mandate strong passwords (and regular password changes), add multi-factor authentication (often already an available feature in business software), regularly patch software, use firewalls and antivirus software and identify and de-risk the most crucial business assets. Encourage user awareness and discuss security challenges in your sector with peer businesses.”

ALSO READ: State of small businesses in South Africa shows how important they are to the country

Consider managed cybercrime security services

Security is a business cost, Swart says.

“While it is unwise to underspend on cybersecurity, you can be frugal and gain maximum value for your budget. Managed security service providers offer services that run security on your behalf. They are typically modular and easy to customise, which means that you can be very specific about where to focus your security priorities and costs. Managed security services are also an excellent way to add security skills to your protection without hiring people internally at a greater cost.”