subscribe: Daily Newsletter


How SMMEs can maximise IT security


As the bulk of the South African economy is made up of SMMEs, it is important that cash-strapped IT managers take steps to ensure that their businesses are protected against malicious attacks.

Steve Buck, director of Edgetec, says current market conditions are tough for small to medium sized businesses (SMMEs). According to SME growth index, local companies are showing stagnation in both turnover and employment growth. Tight budgets and increasing threat from the dark web makes the fight against IT security threats that much more challenging.

“In our experience the crux is that many businesses tend to think ‘Well my company is secure because I have a firewall and anti-virus’,’” says Buck. “They fail to consider the state of the web. News reports by leading security software developers show that almost 1-million new types of malware are released into the Internet every year.”

Buck explains that a typical cyber-attack proceeds as follows:

* The malicious code or virus breaks into your network and infiltrates it;

* The virus then latches onto the network making contact and begins to download and install itself remotely (i.e. from another location over the Internet);

* It then starts to expand across your network and various IT systems;

* Critical information is then accessed and collected; and

* The company’s sensitive data is siphoned out to an external location owned by the attacker.

Buck advises that the best line of defense is education of employees. “We started our business with the idea to create a company that has a relationship-centric approach. We found that this principle should hold true for any business, especially when it comes to sharing information about how to secure your business. Involve and educate your people on how they can be a part of the solution.”

According to Buck, the best way to make sure that business protects itself is to follow the following basic steps:

* Involve – Conduct team meetings and set up a policy that educates your employees. A simple step by step process can help mitigate down time and makes your team an effective part of the fight. Constant employee emphasis is essential.

* Detect and protect – You need a service provider that listens to the needs of your business. A solution that suites your company’s needs should be recommended. Good security is not a one-size-fits-all cheap fix. Next, your service provider needs to become your partner, they have to work with you to constantly and proactively manage and mitigate any threats to your company.

* Respond – Have a plan and stick to it. A good security service provider will share a strategic plan with your organisation. This plan should allow for a proactive response that isolates and eradicates threats as quickly as possible. A good plan means you’re prepared, sticking to it means you’ll be successful.