There’s no doubt that digital technologies are powerful enablers for small and medium businesses (SMBs). Digital channels and tools have helped SMBs reduce costs, reach new markets, become more productive, embrace flexible ways of working, and transform their customer experience. However, their growing reliance on digital tech also creates a new set of risks and threats they need to manage.
These include the legal and reputational repercussions of accidentally leaking customer data, risks to business continuity when core IT systems fail or are breached, theft of intellectual property, exposure to extortion, and the possibility of direct and indirect financial losses. The Allianz Risk Barometer for 2023 shows that South African businesses see cyber incidents as one of their top three risks.
Here are some ways companies can navigate cyber-risks and avoid losses in their businesses:
1. Focus on Employee Education
People are often the weakest link in cybersecurity. Investing in the latest and best firewalls and antimalware software won’t help if your employees fall for a social engineering attack. SMB owners should stay informed about the latest threats and best practices to stay ahead of the evolving cybersecurity landscape. They should also make sure employees know how to recognize phishing attacks and what to do to keep company data and systems safe.
2. Implement Multifactor Authentication (MFA)
The State of Ransomware in South Africa 2023 report from Sophos shows that compromised credentials were used in 24% of attacks last year. However, most of these attacks could be prevented with MFA. With MFA, a user needs something in addition to their login name and password to access a system. This could include one or more of the following: a smartphone authenticator app, a hardware token, or a biometric identifier like their voice, face, or fingerprint.
3. Follow the 3-2-1 Approach to Backups
According to the Sophos report, 78% of organizations were hit by ransomware in 2022, up from 51% in 2021. The nature of this threat means that older approaches to backing up data are no longer sufficient. SMBs should ensure they have backups isolated from their main network in case of a ransomware attack. It’s good practice to create three backups—two onsite and one offsite—to ensure the business can recover from an attack. If the onsite production systems and backups suffer an attack, you can restore your data from the uncompromised data in your offsite backups.
4. Don’t Forget About Physical Security
Hardware such as notebooks and smartphones can be a treasure trove for criminals—they may contain valuable information such as banking passwords, financial data, and logins for company applications. Ensure devices are protected with passwords, PIN codes, or biometric authentication. Consider adding a physical tracker and enabling functionality that allows data on the device to be wiped if it’s stolen or lost.
5. Invest in Cyber-insurance in Case Your Defenses Fail
With the evolving nature of cybercrime and cyber-risks, there is always a danger that your business could be breached despite its best efforts. Cyber-insurance policies can help your business mitigate losses and recover in the event of a cyber incident. Some ways cyber-insurance can protect your business include:
– Defense and settlement of liability claims (e.g., legal action from customers)
– Payment of regulatory fines and penalties, if legally permissible
– Compensation for loss of income or business interruption
– Assistance with incident and crisis management
– Coverage for restoring systems, recovering data, and forensic investigation after an incident
– Help with managing a cyber-extortion event, such as a ransomware attack
By Francois Potgieter, Managing Director at Bi-me (Business Insurance Made Easy), the trusted online platform for business insurance