Listen: Four tips to protect your small business against cybercrime

Protecting your small business against cybercrime does not need to be a headache for small business owners.

“The plight of prominent corporates falling prey to cybercrime continue to make headlines throughout the country. However, large businesses are not the only victims of cybercrime, with research by Accenture revealing that 43% of cyber-attacks target small businesses.

“Therefore, it is imperative for small businesses to implement risk management measures to guard against the threat of cybercrime,” says Jeremy Lang, executive director at Business Partners Limited.

“We live in an age of rapid digital advancement and while this is great news for small businesses, it also means that cyber criminals are getting smarter and more innovative. The only way to protect yourself and your business is to keep abreast of developments and treat the need for cyber security as a necessity that is certainly here to stay.”

ALSO READ: Legal requirements for your online shop

Cybercrime is increasing

Lang says statistics show that the losses small businesses incur account for a large proportion of the R2.2 billion in damages that the country suffers every year due to almost 600 cyber-attacks every hour. In a survey conducted by specialist cyber risk consultancy, STORM Guidance, just under 85% of respondents acknowledged that cybercrime is a serious problem among SMEs in South Africa.

As this finding suggests, the level of seriousness regarding cybercrime is increasing. “However, there are a few fundamentals that to keep in mind to secure adequate protection.

“While digital disruption has opened doors of possibilities for SMEs to make their mark in the larger business world, it has also introduced real risks in terms of revenue loss, as well as substantial legal repercussions due to cyber-attacks,” Lang explains.

According to internet security software specialist, Kaspersky, the number of Trojan Password Stealing Ware (PSW) detections in the country increased by almost 70% in 2022 compared to the same period in 2021. This amounted to 20,922 detections in 2022 alone from this kind of malware that allows cyber criminals to steal passwords and other account information, providing access to the business’ larger network.

Lang points out that a data breach is another common form of cyber-attack, where confidential files containing personal information are used by cyber criminals to hold businesses to ransom. “This kind of attack has far-reaching implications for businesses in terms of damage to their reputation, losing the trust of their customer base and the cost of mitigating the effects of a data breach in addition to the possible payment of a ransom.”

He says another important dimension of this kind of risk that needs to be considered involves the potential legal ramifications. “If an attack on an SME results in customer information being used for identity theft or fraud, those third parties could sue the small business that may be found liable due to negligence or the lack of adequate cyber-security processes and procedures. The National Information Regulator can also issue a fine for breaching the Protection of Personal Information Act.”

ALSO READ: Watch: How to finance your small business

Advice for small businesses

Beyond implementing cyber-security software solutions, Lang also has this advice for small businesses to protect themselves against these risks:

• Reinforce best practices

The term ‘cyber hygiene’ is now used to refer to the industry best practices that exist to help people protect their valuable information. Any cyber-security policy you introduce into your business needs to include mandatory cyber-hygiene practices, such as regular password changes, never using universal passwords, using VPNs and multi-factor authentication and file storage and transfer policies that disallow the use of unsecured software.

• Ensure that staff are well trained on cybersecurity awareness

“Putting cyber-security policies in place is a good place to start, but it is important for employees to understand the reason for these policies. This is particularly important for SMEs that allow remote working. When training your staff, avoid technical jargon and explain the risks in simple terms by quantifying the potential cost implications of a cyber-attack to illustrate the seriousness of this issue.”

• Prioritise data back-ups

Although backing up your data may not prevent a cyber-attack, it may help your business to recover quicker and easier. Therefore, you need to include mandatory back-up procedures for information, such as customer and employee data, as well as confidential agreements, contracts and sensitive company information. Human error is behind a large number of cyber-attacks and is something that hackers and cyber criminals use as opportunities to infiltrate a business. This can be counteracted by strict adherence to back-up processes, Lang says.

• Cyber insurance

As an SME, it is better to prevent than react to security breaches, but as a final line of defence, you must consider cyber-security insurance sin case your risk management processes fail to prevent an attack. This kind of insurance will cover aspects such as legal costs, data recovery costs, third-party liability clams, cover for business interruption and by extension, the cost of cyber-extortion. Speak to your insurer to discuss your SME’s needs as well as your budgetary restrictions in order to apply for an adequate degree of cover, Lange says.