Cybersecurity: What SMEs Need To Know

July 23rd, 2020
Cybersecurity: What SMEs Need To Know


Cybersecurity: What SMEs Need To Know

Think about your office and home. Would you let anyone in or leave with the doors unlocked? Regardless of your property's size or the value of your possessions—you want to protect what's yours. Cybersecurity is no different.

Sadly, too many small and medium-sized enterprises (SMEs) have a different view on security, leading to poor network and data protection decisions. The reality is that one breach could deliver a business-crippling blow. When it comes to safeguarding our digital assets, here's what you need to know.

Common SMB Cybersecurity Misconceptions and Challenges

SMEs notoriously implement weak, bare-minimum, security measures. The reasons vary, but it comes down to any combination of the following:

Money challenges. Cash-flow is almost always the reason that businesses don't invest in enterprise-grade security.

Lack of expertise. Lacking specialised IT security knowledge leads to choosing inappropriate or inadequate solutions.

Human capital restraints. Tight budgets often mean that the business lacks the in-house resources or the ability to hire skilled labour to implement the right measures.

Growing pains. Whether a start-up or in a new growth phase, sales and teething problems demand so much attention that security is overlooked. So necessity says, "we'll ride it out with what we've got." By the time you are "ready", the complexity, time and cost to implement the correct cybersecurity systems are overwhelming.

Misconceptions. Business owners and executives buy into cybersecurity myths because of misinformation or misguided beliefs. Such thinking includes:

  • We'll get to it, or, it can wait.
  • Security is not business-critical.
  • Our business is too small to be a target.
  • Antivirus is sufficient.
  • What we've had since the start (or for the last 3+ years) is enough.
  • We've never had a problem,so we must be okay.
  • Let's clear things up right away.

    Cybercrime Doesn't Wait or Discriminate

    If you are connected to a network, you're vulnerable to cyber-attack.

    The size, age, and revenue of the target don't matter. As we explained in our last post about phishing, a micro-enterprises address book can help criminals to gain entry into larger organisations.

    There's no time like the present to secure your network, information and operations. Top-quality, on-demand managed IT servicesdon't have to cost a fortune. Besides, can you afford the risk of losing your business?

    The Impact of Cybersecurity on SMEs

    The effects of data corruption, losses, or breaches can be devastating.

    Some businesses never fully recover from the hefty cost of ransomware attacks or loss of business from Denial of Service (DoS) attacks.

    You could face fines—even imprisonment—for legal non-compliance. Data-privacy laws like POPIAand the GDPRmake every business accountable for the personal information that they process, store or disseminate.

    You may need to meet certain security standards to help clients or suppliers uphold their legal obligations. Without adequate measures, you limit your organisation's entry into the broader supply chain.

    Trust in business is everything. If your network, information, even cloud applications are compromised, you could suffer irreparable reputational damage. Laws and ethical business acumen require you to release a statement informing your stakeholders. You'll need to admit that it happened, how it happened, what was compromised and what you're doing about it. By then, it could be too late.

    Small and Medium Business Cybersecurity Essentials

    We whole-heartedly recommend professional managed cybersecurity services as your best line of defence. If that's not in your reach right now, then here's what you should do right away.

    Get the Best Possible Antivirus, Threat Detection and Prevention Software that you can afford

    That's not to say that the more money you spend, the better. What we mean is, don't skimp on these items. Reputable brands include ESET, Kaspersky, Norton, Check Point, AT&T Cybersecurity, McAfee NSP, Kismet.

    Make it a priority to update antivirus and security measures regularly. Threats keep on evolving, and older trends can be reused. Stay vigilant.

    Have Good Backup and Business Continuity Procedures in Place

    A backup and business continuity plan ensure that critical data can be recovered in case of a virus infection or security breach. Store backups appropriately to safeguard them from attackers and deletion.

    Implement a Password Policy

    Make sure that all employees understand the importance of a secure password. The more characters and special symbols being used, the harder it makes the password to be cracked.

    Passwords need to be changed periodically, but not so often that it causes personnel to get lazy and resort to a "Password 1", "Password 2" situation.

    Make Sure Remote Access Is Secured

    With the new work-from-home normal, remote access can be a chink in your company's armour. Ideally, all these connections need to be behind a VPN Firewall that will unobtrusively monitor incoming and outgoing traffic, preventing data from leaking into the wrong hands.

    Increase Awareness about Security and Suspicious Activity

    Train, train, test and train again. Software can do a lot, but it can't do everything. People are the number one cause of security failures. We browse websites, open attachments, click links, use USBs—all of these are potential access points for malware. Comprehensive, ongoing employee awareness training is crucial for staff to recognise and report or delete anything suspicious.

    IT security is a business staple. If you're wondering where to start, chat with us. Your first consultation is free