By Nick Shutte, Regional Manager Global Corporate, Cape Region & Head of Financial Lines, Zurich South Africa
With only one in every five start-ups surviving, SMEs have a tremendous responsibility which they carry on very narrow shoulders. In addition to a lack of skills, finance and robust business plans, the absence of risk mitigation measures is compounding the challenges that SMEs have to navigate. One such risk, growing in prevalence on a global level, is cybercrime.
According to the Minister of Telecommunications and Postal Services, Siyabonga Cwele, 32% of SMEs in South Africa are susceptible to cybercrime. SMEs generally have undeveloped IT infrastructure, poor or no defence systems, no data backups and lack basic IT policies, making them soft targets.
SMEs are the weakest link
SME vulnerabilities could impact the larger partner companies and third party organisations that they work with as attackers often look for the weakest links in the security chain. Depending on the type of contract signed with the third party, any breach or loss could not just cost the SME a business contract, but also place it under significant financial pressure – to the extent where the business could even cease to exist.
Attack of the virus
In many businesses, an antivirus programme is the first line of defence. In the case of SMEs, most do not even have an antivirus programme and where one exists, it’s often the only line of defence. Furthermore, due to cost-containment measures, you would often find that antiviruses are out of date leaving SMEs fully exposed to new malware. It is also a reality that data running over SME networks may not be encrypted, making it easier for even amateur hackers to gain access.
Bringing your own device can be dangerous
SME employees are more likely to use their own devices at work, especially if businesses can’t afford hardware such as laptops or mobile phones. These devices generally lack any security leaving the business’ network more prone to cyber-attacks. Equally, employees may load confidential work information, such as documents and emails, on their personal phones or PCs and while there may be higher security in place at the office, their home networks may be less robust.
How can SME owners protect their businesses from these vulnerabilities?
The first port of call would be to install the right antivirus software (and update it regularly). These are usually readily available online or at retail computer shops. For mobile devices, freeware versions of most major antivirus brands are available on the Apple iTunes or Google Play stores with optional upgrades to the full packages at a reasonable cost. Examples of antivirus software providers are McAfee, Kaspersky, Bitdefender, Norton, AVG, Avast and ESET internet security.
It is also important to have a standard IT policy place and ensure all employees are briefed on data security measures as well as cyber-attack trends. Using an external IT security supplier is advisable as they have the expertise that will help identify and plug security loopholes and can also accept some level of liability. SMEs can also obtain cyber security advice from Cybersecurity Hub (www.cybersecurityhub.co.za), a government established facility aimed at enhancing cyber safety for South Africa’s small businesses.
As much as preventative measures may be in place, in the event that networks/confidential data is breached, having the right kind of insurance in place will considerably limit the financial risks and help manage reputational damage – keeping SMEs afloat.
Cyber security dos
- Use antivirus software as your first line of defence and keep these updated
- Insist that employee devices are also protected
- Use the services of an IT security supplier
- Conduct IT and data security briefing sessions with employees
- Ensure you have the right kind of cyber insurance in place