Cybersecurity for South African SMEs: Do’s and don’ts
By Riaan de Villiers, Business Analyst at LAWtrust
Upping Cybersecurity Measures
Small, Medium and Micro Enterprises (SMMEs) do not usually have a big budget to spend on advanced cybersecurity systems to protect themselves from cyber-attacks. They also do not regard themselves as obvious targets for scammers, since they assume they are off cybercriminals’ radar.
The expansion of IT fields in the digitized Fourth Industrial Revolution (4IR) to include the Internet of Things (IoT), cloud computing and other developments has exposed most businesses to advanced cybercrime attacks. Some of the attacks are subtle, and they range from phishing and identity theft to brute-force and malware attacks.
According to Cybersecurity Ventures, a global research and market intelligence firm, the damages from cybercrimes are predicted to cost the world $6 trillion by 2021. Coming back home, South Africa was ranked third on the global Cyber Exposure Index’s list of vulnerable, most-targeted countries for attacks.
For small enterprises to be protected from these cyber-attacks, there are a few basic Do’s and Don’ts they can implement in their businesses.
- Use hard-to-guess passwords and passphrases: creating unpredictable password combinations that include capital letters, lower-case letters and special characters makes them memorable for you as the user, but hard for the hacker to guess.
- Use different passwords for different accounts: use a different password for each account, so that one hacked password does not expose all your systems.
- Keep your passwords or passphrases confidential: do not share passwords or write them down where people can easily find them.
- Have a cybersecurity strategy in place: prepare an incident response plan to follow should any cybersecurity attack take place.
- Don’t leave sensitive information lying around the office: do not carelessly leave private information lying on your desk. Maintain a clean desk policy and keep your information safe at all times.
- Don’t open mail or attachments from an untrusted source: pay attention to phishing traps in emails and stay alert for tell-tale signs of a scam.
- Don’t click on links from an unknown or untrusted source: cyber attackers often use links as a trap to lure users into visiting malicious sites and downloading malware that can be used to steal data or infiltrate networks.
- Don’t be tricked into giving away confidential information: verify the identity of callers claiming to be employees of a business asking for confidential information.
- Don’t install unauthorised programs on your work computer: an unauthorised application could pose as legitimate software but conceal malware.
Simple measures like these can go a long way in protecting your business systems and keeping you safe from avoidable attacks that can put your confidential corporate information at risk.