There is a massive misconception that small and medium size businesses are less vulnerable to cyberattacks and in particular email threats. The opposite is in fact true as they generally do not have adequate security measures in place, writes Cloudbox CEO Justin Trent.

If your company has internet and email you are vulnerable and every precaution should be taken to protect your business.

Large corporates can afford specialised security teams who are given responsibility for each system that the company is running. So in a large well organised network, the company would have:

* Extremely costly firewalls that are maintained by a security team;

* Regular penetration and vulnerability assessments being run against the network;

* Data that is well structured and user access well controlled;

* Multiple layered email defence mechanism to ensure email is secure; and

* Regular structured user training around email and cyber security and best practices.

In the small to medium size business it is rare to see any of these elements with adequate focus and protection. The cost of having these kinds of security measures with an in-house IT team is just simply not affordable or even feasible given the complexities of the systems required.

We have seen email threats to be the biggest threat to business, supported by data from our email security platform that cleans and filters our customer’s email. The data show that nearly 78% of received email containing security threats across over 63 00 user mailboxes.

In 2017, the phishing rate in South Africa was the highest in world, where one in 785 emails was a phishing attack – that’s a big problem. The very simple reason is that South Africa remains less secure than other countries like Netherlands (one in 1 298 emails) and Malaysia (one in 1 359 emails) and therefore highly susceptible to cyber criminals.

The two major reasons for this are education and affordability. South Africa is fairly new to the online world and is still learning about the dangers of cybercrime and they often believe it won’t happen to them.

The other reason is affordability or rather the misconception that security is too expensive. A full blown attack can seriously cripple a business, so security needs to be included in an IT budget just as with any other insurance policy.

What measures can a company put in place to protect themselves:

* Email Security: Relying on your email provider to scan your email is just not sufficient, even if it is Microsoft Office 365. There are specialty email security companies that have advanced threat protection which literally dismantle your email and scan every aspect of it before putting it back together and delivering it safely to your mailbox.

* Centralised and automated patch management: Installing critical and high security patches to all network devices is absolutely critical and if we look at the WannaCry virus, there were patches available 59 days prior to the breakout – yet it still managed to have a significant impact on business.

* Best in industry endpoint malware protection: Remember the bad stuff isn’t only coming in via mail/internet and USB drives, devices that leave your network and harmful internet sites are massive threats.

* Automated backups are absolutely essential in any business: The more regularly you can back up the better. Using a backup technology that can detect ransomware is critical. Often ransomware will remain dormant for some time which means that even if you think you have a good backup it could be compromised without using the correct solution.

* Last but not least: A little bit of common sense goes a long way. Basic user education around how to identify threats and what to do if there is a breach need to be well communicated.