Think about your office and home. Would you let anyone in or leave with the doors unlocked? Regardless of your property's size or the value of your possessions, you want to protect what's yours. Cybersecurity is no different.
Sadly, too many small and medium-sized enterprises (SMEs) have a different view on security, leading to poor network and data protection decisions. The reality is that one breach could deliver a business-crippling blow. When it comes to safeguarding our digital assets, here's what you need to know.
SMEs notoriously implement weak, bare-minimum security measures. The reasons vary, but they come down to any combination of the following:
Money challenges. Cash flow is almost always the reason that businesses don't invest in enterprise-grade security.
Lack of expertise. Lacking specialised IT security knowledge leads to choosing inappropriate or inadequate solutions.
Human capital restraints. Tight budgets often mean that the business lacks the in-house resources or the ability to hire skilled labour to implement the right measures.
Growing pains. Whether a start-up or in a new growth phase, sales and teething problems demand so much attention that security is overlooked. So necessity says, "we'll ride it out with what we've got." By the time you are "ready", the complexity, time and cost to implement the correct cybersecurity systems are overwhelming.
Misconceptions. Business owners and executives buy into cybersecurity myths because of misinformation or misguided beliefs. Such thinking includes:
Let's clear things up right away.
If you are connected to a network, you're vulnerable to cyber-attack.
The size, age, and revenue of the target don't matter. As we explained in our last post about phishing, a micro-enterprise address book can help criminals to gain entry into larger organisations.
There's no time like the present to secure your network, information and operations. Top-quality, on-demand managed IT services don't have to cost a fortune. Besides, can you afford the risk of losing your business?
The effects of data corruption, losses, or breaches can be devastating.
Some businesses never fully recover from the hefty cost of ransomware attacks or loss of business from Denial of Service (DoS) attacks.
You could face fines—even imprisonment—for legal non-compliance. Data-privacy laws like POPIA and the GDPR make every business accountable for the personal information that they process, store or disseminate.
You may need to meet certain security standards to help clients or suppliers uphold their legal obligations. Without adequate measures, you limit your organisation's entry into the broader supply chain.
Trust in business is everything. If your network, information, and even cloud applications are compromised, you could suffer irreparable reputational damage. Laws and ethical business acumen require you to release a statement informing your stakeholders. You'll need to admit that it happened, how it happened, what was compromised and what you're doing about it. By then, it could be too late.
We wholeheartedly recommend professionally managed cybersecurity services as your best line of defence. If that's not in your reach right now, then here's what you should do right away.
That's not to say that the more money you spend, the better. What we mean is, don't skimp on these items. Reputable brands include ESET, Kaspersky, Norton, Check Point, AT&T Cybersecurity, McAfee NSP, Kismet.
Make it a priority to update antivirus and security measures regularly. Threats keep on evolving, and older trends can be reused. Stay vigilant.
A backup and business continuity plan ensures that critical data can be recovered in case of a virus infection or security breach. Store backups appropriately to safeguard them from attackers and deletion.
Make sure that all employees understand the importance of a secure password. The more characters and special symbols used, the harder the password is to crack.
Passwords need to be changed periodically, but not so often that it causes personnel to get lazy and resort to a "Password 1", "Password 2" situation.
With the new work-from-home normal, remote access can be a chink in your company's armour. Ideally, all these connections need to be behind a VPN Firewall that will unobtrusively monitor incoming and outgoing traffic, preventing data from leaking into the wrong hands.
Train, train, test and train again. Software can do a lot, but it can't do everything. People are the number one cause of security failures. We browse websites, open attachments, click links, and use USBs—all of these are potential access points for malware. Comprehensive, ongoing employee awareness training is crucial for staff to recognise and report or delete anything suspicious.
IT security is a business staple. If you're wondering where to start, chat with us. Your first consultation is free.