Four crucial steps for SMEs

Bolstering cybersecurity defences
As cyber threats escalate, small businesses must act now to protect their digital assets.
A survey by cybersecurity firm KnowBe4 highlights a concerning gap in security practices between small and large businesses. The study, involving 2 600 IT professionals, found that 62% of small and medium-sized enterprises (SMEs) do not use multi-factor authentication (MFA), while only 38% of large corporations lack this protection. As cyber threats increase, SMEs are at higher risk due to limited resources and weaker cybersecurity measures.
Anna Collard, SVP of Content Strategy at KnowBe4 Africa, warns that neglecting cybersecurity can lead to severe financial losses, legal fees, customer loss, and even business closure. She likens basic cybersecurity investment to insurance, essential for business survival.
Easy targets
SMEs are increasingly targeted due to perceived vulnerability. “Small companies often lack dedicated IT staff and robust defences,” says Collard. Cybercriminals prefer targeting “easy” businesses, including non-profits like schools. Beyond immediate financial loss, cyberattacks can damage customer trust and reputation, with ransomware recovery costs sometimes 10 times higher than the ransom itself.
To improve their defences, SMEs should focus on four strategies:
Identify and protect assets
Collard advises creating an inventory of critical assets and assessing risks to determine appropriate protections. Affordable security measures are available, and a free data security toolkit for South African SMEs (provided by the UK and South African governments) offers resources such as anti-malware and patch management.
Implement MFA
MFA adds a layer of security by requiring multiple verification methods, such as a code or a biometric check. This measure reduces the risk of account takeovers and data breaches, though it should remain user-friendly and resistant to phishing.
Perform regular backups
Frequent backups of essential data and systems are crucial. Data should be securely stored off-site or in the cloud to ensure business continuity after an attack. Regular software updates and antivirus software are also recommended to close vulnerabilities.
Train employees
Educating employees on cybersecurity practices, such as recognizing phishing attempts, is vital, particularly with remote workers. Knowledgeable employees are the first line of defence.
Collard concludes that while there is a gap in security between SMEs and larger firms, SMEs can bridge it with effective strategies and resources.
Distributed by APO Group on behalf of KnowBe4.