As South Africa’s small and medium-sized enterprises (SMEs) increasingly embrace digital tools and platforms, they also face a growing threat: cybercrime. With limited resources compared to larger organisations, SMEs are often seen as soft targets by cybercriminals, highlighting the need for robust cyber security to safeguard their operations, sensitive data, and customer trust.
By Ignus De Villiers, managing executive: cyber security at Liquid C2
Liquid C2 which is a business of Cassava Technologies, has cloud and cyber security solutions and services that can offer SMEs peace of mind with a 360º view of their entire business environment. These solutions and services are aligned with global best practice standards and should be adopted by local SMEs:
Governance – Set the right tone at the top
Every SME needs a clear cyber security risk management strategy to guide the business in managing potential threats and impact on their business.. This needs to be enabled by overarching management and a security control framework enabling protection, detection, response and recovery.
Identify – Be familiar with your digital and information assets
It’s important to understand what your critical digital and information assets are, and what needs to be protected. This could include hardware, software, and sensitive data. Keep an inventory of these and proactively identify any potential vulnerabilities and the associated cyber threat landscape. The “Need to know” is a good principle to apply.
Protect – Prevention is the first line of defence
Identity protection is key, weak or stolen passwords are a common gateway for cybercriminals. It’s important that employees use complex passwords that combine letters, numbers, and special characters and is at least 14 characters. Multi-factor authentication provides an added layer of protection and recommended.
A company’s employees are the first line of defence against cyber threats, and breaches are often due to human error or a lack of awareness. Regular security awareness training on how to identify phishing emails, create strong passwords, and report suspicious activities helps safeguard against these risks and build a robust culture.
Unsecured WiFi networks present an open door for cybercriminals. Use strong security protocols like WPA3 and ensure that only authorised devices and users can access the network. It is recommended to use an isolated network for guests with limited access.
Detect – Cyberattacks can strike at any time
Threat detection tools such as intrusion detection, malware detection, endpoint detection and response (EDR) are essential for defending against malicious attacks. Keep these tools updated to stay protected against the latest threats. Real time 24x7x365 monitoring is key for these tools to be effective and act on events and incidents timeously, before infiltration, lateral attacks and compromise occurs.
Respond – Have a plan for when things go wrong
Having a response plan can minimise damage in the event of a cyberattack. Develop and regularly update a plan that caters for the most likely threats and ensure that it outlines the detail steps to take during a breach. This should include who to notify, who to engage to assist, what actions to take and more. Ensure that everyone understands their role and share your plan with 3rd Parties who may be needed to assist.
Recover – Getting back to business as soon as possible
Recovery is just as important as prevention. Regular backups that are validated frequently and a clear recovery plan ensure your business can get back on its feet quickly after some cyber incidents, e.g. ransomware. Please ensure that backups of critical business data are securely isolated from the rest of IT landscape and/or kept at a secure off-site location.
Many South African SMEs lack the in-house expertise to manage all aspects of cyber security. Partnering with a reputable technology partner can help them navigate the cyber security threat with greater confidence, ensuring that your digital and information assets is more secure and resilient in the face of evolving threats.