There are several reasons why the small to medium South African enterprise (SME) can’t ignore cybersecurity. There’s the cost – the average cost of a data breach is now US$3.92 million.
There’s compliance – Gartner predicted that 10% of service investment will focus on identity and access management and data loss prevention.
And then there’s the risk – only 7% of small business leaders believe that they are at risk of a cyberattack in spite of the fact that 67% of SMEs were attacked over the past year.
According to the Keeper Security 2019 SMB Cyberthreat Study, the problem is that one in four companies don’t know where to start when it comes to cybersecurity and 60% rank it at the bottom of their list of priorities.
It’s a virtual smorgasbord of tasty hackable treats for the cybercriminal. It’s also a high-risk environment for any organisation that thinks it can bypass the complexities of doing business in the era of enforced compliance.
From the Australian Privacy Principle 11 (APP 11) that regulates the handling of personal information in Australia to the GDPR in Europe and the Federal Trade Commission Act in the United States and POPIA in South Africa, there are a lot of regulations governing data, documentation and information. This is not the right time to slack off on compliance.
So, what is the SME supposed to do?
The answer lies in developing a culture of security within the company while investing in tools, solutions and partnerships that allow for ongoing security management and control.
One of the weakest links in the organisation happens to be your people. If they can’t recognise basic security threats such as phishing mails or fake links, then they will open your carefully crafted security doors to whoever wants to come inside.
According to the Global Phish Report 2019, one in every 99 emails is a phishing attack. Close the cybersecurity skills gap with ongoing internal education and awareness that pays attention to what people need to understand to ensure that your company stays secure.
Next, invest in solutions that can be curated to suit your specific environment. One size fits all is a lie, especially when it comes to swimming costumes and security.
What you want is a solution that can fit all but will be customised to fit your business. This is key to ensuring that your defensive software is capable of addressing the vulnerabilities that are unique to your organisation. As the cyberthreat evolves – it’s believed that mobile will become increasingly popular as the cyber battleground for 2020 – your systems have to be robust and agile enough to evolve alongside it.
What tools are a good fit for the South African SME?
You want agile, customisable, cost-effective, adaptable and comprehensive.
These are not just nice buzzwords on a security software box; they are critical to ensuring that your company has the right tools in place.
Compliance regulations expect you to be able to prove you did everything you could to prevent an attack. If you can’t, it can spell the end of your business.
1: Get a good firewall
This is not the same as the firewall of the 90s.
That dodgy, patchy thing that caused endless computer glitches and failed to protect anything, especially your sanity.
Today, firewalls have become powerful frontlines of defence that offer total network protection, internet and web monitoring services, and rich access control.
Kerio Control can snap into place regardless of company size or requirements and ticks the boxes of customisation, firewall, intrusion detection and more.
2: Manage your network more efficiently
From controlling bandwidth to ensuring accurate resource management to enforcing the appropriate use of the network, it’s worth investing in a network management tool that can keep a close eye on everything.
Exinda Network Orchestrator throws intelligent analytics, bandwidth management, traffic shaping and WAN optimisation into a package that also allows for the rapid identification of unusual traffic or access in real time.
3: Patch, scan and secure
There was a virus that once took down the NHS. It took down all sorts of companies from all over the world because they had not patched their computers, leaving them open for all the hacking world to see.
Cybercriminals exploited this flaw in Windows 7 to massive and unpleasant success. This is not a fable; it’s a horrible warning and should see every SME invest in patch management and network and software auditing tools as a matter of course.
GFI LanGuard is a tight and smart network security scanning and patch management solution that finds the vulnerabilities and removes them.
It also comes as part of the GFI Unlimited software suite, which allows you to pick, choose and customise your security investment.
4: Don’t ignore the warning signs
Set aside the security budget.
It’s no longer a nice-to-have while the big guns are being hacked.
You could be next. In fact, how do you know that they aren’t already there?
This article was published in partnership with Ozone.