Cyber security threats like data hacks, identity theft, password attacks and viruses can, according to the GoDaddy Global Small Business Research Survey, have severe consequences for business owners, from having to shut down for some time and customers being unable to reach your business, to spending money to repair systems and losing access to accounts needed to service customers.
Small companies generally did not have the money for proper online security, which made them extremely vulnerable to attacks, says Professor Basie von Solms, director of the Centre for Cyber Security at the University of Johannesburg. He says statistics prove that small companies are becoming a target for criminals going after sensitive information.
“There are cases of ransom being demanded, sim card swapping, email phishing (fraudulent email messages),” he says. “These are all prevalent in South Africa.”
Jaya Baloo, chief information security officer at KPN Telecom in the Netherlands and speaker at this year’s Singularity University‘s Exponential Finance Summit hosted in May, says it has become incredibly easy for hackers to target businesses.
“Even employees who put on Linkedin where they work, they also make themselves vulnerable for cyber attacks,” she says.
Baloo has worked in information security for nearly 20 years. She says more needs to be done to secure businesses’ data.
Baloo warns of cyber threats like ransomware,which is still on the rise, as well as cryptojacking and card-not-present fraud.
Below is Baloo’s advice for protecting your business against potential cyber security risks.
Start by understanding what you have. A lot of small businesses evolve organically and keep adding components to their networks. At some stage they realise they don’t know their network and then they get hit by hackers when things like online backups are not in place.
Get a basic back up system in place and a basic anti-virus programme (even if it is free). Keep your systems up to date. Most surprises can be prevented!
A strategy may be too big a word or too intimidating – small businesses must get the basics right so that they can focus on their core business.
Taking care of potential risks can be done by planning ahead and doing some preparation. If you fail to plan, you plan to fail. This really applies in cyber security.
Every business has something to protect from someone. Make an assessment of who would be interested in your business, your data or your traffic. You may never be the target of a hacker, but you may be victimised by an opportunistic hacker. Therefore, you need the right protection in place.
Creating passwords like 123456. Passwords are like underwear, keep changing them and keep them fresh. Changing it should be a habit like cleaning your teeth.
1. Update (your software) regularly and upgrade when possible.
2. Make sure you have regular online and offline backups.
3. Install a basic anti-virus.
4. Keep your passwords safe – find a way to secure your passwords [for example, use a dedicated password manager].
5. Implement a two-factor authentication so you are not dependent on a single password being compromised.
6. Build a firewall and network separation/zoning – such as separating your guest WiFi network and your own internal network.
7. Get a good VPN (virtual private network) tool.
8. Beware of ramsomware. In case you are threatened by a hacker (criminal) that your data will be published unless a ransom is paid, do not pay the criminal. You should never pay the criminal because you have no guarantee that you will get your data back. For help visit the website nomorerandsom.org.