Every business making use of PCs or mobile devices is vulnerable to violation of online security. Now more than ever, it’s essential for every small business owner to protect their business information and accounts from viruses and hackers which could bring your business to its knees.
David Emm, senior security researcher at IT security company Kaspersky, gives solutions to some of the biggest security challenges faced by SMEs.
Q: Why is online safety important for small business owners?
A: Online safety is very important for all small business owners, more and more cybercriminals are targeting them, as they are viewed as ‘easy’ targets. In fact, according to the study ‘Financial cyber threats in 2013’ conducted by Kaspersky Lab, cybercriminals are increasingly trying to gain access to people’s online accounts.
Last year, the number of cyber-attacks involving financial malware increased to 28.4 million, 27.6% more than in 2012. SMEs are no exception in this regard and can also be targeted.
SMEs should use fraud prevention solutions that are designed to protect from malware, which often targets computers and mobile devices.
Q: What is the goal of information security for my business?
A: Firstly, understand the security risks faced by your company deploy solutions and implement processes and procedures that will reduce the risk of attack. Finally, manage any security breach to ensure that: business continuity is maintained, client and third-party parties’ data are safeguarded, and the possible negative impact of a breach on your company’s reputation.
Q: What are the most critical and current online threats that can affect my businesses and how do address them?
A: Aside from malware evolution, there are a lot of new business realities that make organisations more vulnerable to attacks. The explosive growth of mobile devices in the workplace, including the use of employee-owned devices, has created a huge new infection vector.
“Humans are always the first line of defence, so make sure that your employees know how to avoid common attack techniques”
It’s also important to set up internal policies to regulate employees’ behaviour in terms of IT security. It is vital to train staff on safe behaviour and teach good habits (for example, not opening unknown and suspicious attachments). Humans are always the first line of defence, so make sure that your employees know how to avoid common attack techniques and understand the potential consequences of unsafe behaviour.
Q: What should I do to protect my emails?
A: It’s important, of course, to filter e-mail as it comes into the company, to block malware and spam. Ideally, this should be done at the Internet gateway or mail server. This will minimise the risk that anything dangerous will arrive in an employee’s inbox.
Nevertheless, with an increase in the number of targeted attacks on businesses, there’s always the chance that malware tailored to infiltrate a specific company may bypass corporate security controls. That’s why it’s also essential to increase staff awareness of the threat so they know how to spot suspicious signs of attack (e.g. phishing e-mails).
Q: How should I secure my business database?
A: In light of the development of SMEs in South Africa over the past few years, more security companies are offering products which are built with SMEs in mind. This means offering premium protection technologies which don’t need big budgets or manpower resources to manage them. These products have been built to deliver protection through one platform, ensuring that IT administrators can manage and protect all systems and endpoints in their network effectively.
Small business owners must always be aware of cybercrime and should not adopt the attitude that this will never happen to their company. The sooner you are aware of cybercrime the better for your organisation in the long term.
“More emphasis needs to be placed on the use of more complex passwords which are not as easily recognisable“
Q: How can business owners create a strong password?
A: More and more people use the same passwords for all their online services. It is therefore important to note that while this makes your online experience ‘easier’ it also makes you vulnerable. More emphasis needs to be placed on the use of more complex passwords which are not as easily recognisable. Use strong passwords, which cannot be guessed, keep passwords in your head or use a special programme to store them and change your password every so often, don’t keep the same password for years on end.
Follow these tips for creating a secure password:
- A password should be made up of eight characters or more;
- A password can contain digits, Latin characters, and special characters (“$”, “?”, “!”, “<“, “>”, “””, “#”, “%”, “@”, etc.);
- The same password should not be used for different web services.