There’s no doubt that digital technologies are a powerful enabler for small and medium businesses (SMBs).
By Francois Potgieter, MD of Bi-me (Business Insurance Made Easy)
Digital channels and tools have helped SMBs to reduce costs, reach new markets, become more productive, embrace flexible ways of working, and transform their customer experience. But their growing reliance on digital tech also creates a new set of risks and threats they need to manage.
These include the legal and reputational repercussions of accidentally leaking customer data, risks to business continuity when core IT systems fail or are breached, theft of intellectual property, exposure to extortion, and the possibility of direct and indirect financial losses. The Allianz Risk Barometer for 2023 shows that South African businesses see cyber-incidents as one of their top three risks.
Here are some ways companies can navigate cyber-risks and avoid losses in their businesses:
* Focus on employee education – People are frequently the weakest link in cyber-security. You can invest in the latest and best firewalls and antimalware software, but it won’t help if your employees fall for a social engineering attack. SMB owners should read up on the latest threats and best practices to keep ahead of the evolving cyber-security threat landscape. They should also drive employee awareness about how to recognise phishing attacks and what they should do to keep company data and systems safe.
* Implement multifactor authentication (MFA) – The State of Ransomware in South Africa 2023 report from Sophos shows that compromised credentials were used in 24% of attacks last year. But most such attacks could be prevented with MFA. With MFA, a user needs something in addition to their login name and password to access a system. This could include one or more of the following: a smartphone authenticator app, a hardware token, or a biometric identifier like their voice, face or fingerprint.
* Take the 3-2-1 approach to backups – According to the Sophos report, 78% of organisations were hit by ransomware in 2022, up from 51% in 2021. The nature of this threat means that older approaches to backing up data are no longer enough. SMBs should ensure that they have backups that are isolated from their main network in case of a ransomware attack. It’s good practice to create three backups – two onsite, one offsite – to ensure the business can recover from an attack. If the onsite production systems and backups suffer an attack, you can restore your data from the uncompromised data in your offsite backups.
* Don’t forget about physical security – Hardware such as notebooks and smartphones can be a treasure trove for a criminal – they may contain valuable information such as banking passwords, financial data and logins for company applications. Ensure devices are protected behind passwords, PIN codes or biometric authentication, consider adding a physical tracker, and enable functionality that allows data on the device to be wiped if it’s stolen or lost.
* Invest in cyber-insurance in case your defences fail – With the evolving nature of cyber-crime and cyber-risks, there is always a danger that your business could be breached, despite its best efforts. Cyber-insurance policies can help your business to mitigate losses and recover in the event of a cyber-incident. Some of the ways cyber-insurance can protect your business include: defence and settlement of liability claims (for example, legal action from customers); payment of regulatory fines and penalties, if and when legally permissible; compensation for loss of income or business interruption; help with incident and crisis management; cover for restoring systems, recovering data and forensic investigation after an incident; and help managing a cyber-extortion event such as a ransomware attack.