You’ve worked hard to build your business and make it a success. Just like any business, you use the Internet to market it and run it. But working on the Internet is a big risk if you don’t take cybersecurity seriously.
The popular perception is that SMEs won’t be targeted by cybercriminals. But in reality, this mentality is putting your business directly in the line of fire. Most online attacks can be prevented or, at the very least, detected with the correct security measures and the right amount of awareness put into practice.
The hidden costs of a breach
Cybercriminals are opportunists. If there’s even a slight chance to financially benefit from your business, they won’t hesitate to infiltrate your network, lock you out and hold you to ransom to allow you access to your information again. This is known as ransomware.
The scary thing about cybercrime is that a business can sometimes go for months without discovering a breach. Often, it’s spotted by a third party such as your customers, for instance when clients pick up a change of bank details. Hackers can exploit the fact that businesses have no security measures in place, gain access and change the invoicing information. It happens all too often. Take Goliath and Goliath, for example: the company lost R300 000 when hackers gained access to the company’s email and requested that clients make payments to a different bank account. In the time that it takes for a breach to be noticed, it can cause irreversible damage to the company’s reputation and its bottom line.
How to spot a spam email
Hackers took advantage of Absa’s rebranding by targeting its clients using a phishing email. They did an effective job of convincing clients that theirs was a legitimate email. But the first clue that someone was up to no good was that the email was sent from this address: email@example.com
Always check that the sender’s email address is valid in terms of the domain name: check the spelling of the domain and make sure it matches the spelling of the company name. If there is a request to exchange personal information via email or by filling out an e-form, this is an immediate red flag. When in doubt, don’t click on any links. Open your browser in a new tab, search for the company in question, sign in and see if there are any signs of suspicious activity. If you are still concerned, delete the email and change your relevant passwords immediately. Put your trust in technology and let a hosted email service with a built-in security mail feature give you peace of mind.
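The domain check described above can also be automated on incoming mail. The following is an added example, not part of the original article; the trusted domains and the sample From headers are constructed placeholders.

```python
from email.utils import parseaddr

# Constructed allow-list: domains your business genuinely receives mail from.
TRUSTED_DOMAINS = {"examplebank.co.za", "example-supplier.com"}

# Characters commonly swapped in so a domain looks right at a glance.
LOOKALIKES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_sender(from_header: str) -> str:
    """Return 'trusted', 'lookalike', 'brand-mismatch' or 'unknown'."""
    display, address = parseaddr(from_header)
    if "@" not in address:
        return "unknown"
    domain = address.rpartition("@")[2].lower().rstrip(".")
    if domain in TRUSTED_DOMAINS:
        return "trusted"
    normalised = domain.translate(LOOKALIKES).replace("rn", "m")
    for good in TRUSTED_DOMAINS:
        # Near miss: identical once character swaps are undone, or 1-2 typos away.
        if normalised == good or edit_distance(domain, good) <= 2:
            return "lookalike"
    shown = display.lower().replace(" ", "").replace("-", "")
    for good in TRUSTED_DOMAINS:
        # The display name claims the brand but the address is from elsewhere.
        if good.split(".")[0].replace("-", "") in shown:
            return "brand-mismatch"
    return "unknown"


if __name__ == "__main__":
    for header in (  # constructed sample headers
        "Example Bank <alerts@examplebank.co.za>",
        "Example Bank <alerts@examp1ebank.co.za>",
        "Example Bank Security <notice@mail-update.net>",
    ):
        print(f"{check_sender(header):15} {header}")
```

Anything classed as `lookalike` or `brand-mismatch` is worth quarantining or at least tagging for the recipient before they read it.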
Security you can’t do without
At the bare minimum, your business should consider password management, institute email security and, if employees use multiple devices, you must secure each device with an antivirus and implement a firewall within your network.
For instance, a legal firm known for its need for advanced security can still suffer a breach when an employee works remotely on an unsecured device. The company can then suffer irreversible reputational damage and subsequent liquidation, as clients would think twice before using that firm again knowing that their personal information is at risk. If the device isn’t secure, it can be accessed by a hacker to bypass authentication methods and gain entry into the network and sensitive client data.
Employee negligence is the main cause of successful data breaches, due to a lack of attention to password practice or the use of devices outside the protection of a company firewall. Analyse the strength of your passwords right now and try the “Have I Been Pwned” website. It will show you where your passwords have been exposed. Not being able to remember your passwords is not an excuse: you can use a password manager that will house them for you and help you create ones that are difficult to crack.
Measures to bolster your security
Cybercriminals are resourceful and will always find a loophole, so it’s best to secure multiple entry points. This is why technology partners emphasise that businesses employ a holistic approach to securing their networks.
Endpoint security: This is the process of providing protection to common endpoints (computers, smartphones, tablets, routers and other devices) in your network with monitoring and relevant software. Be sure to buy an endpoint solution that uses a synchronised approach to security.
A multi-cloud strategy: This refers to the use of two or more cloud computing services. For instance, take Office 365 as your email and business application solution and use a Mimecast offering to secure it. The reason for this recommendation is that Office 365, although secure in itself, is a huge platform, so there are more entry points.
Another example would be to run a production application in one cloud platform but maintain a separate, up-to-date backup or a copy of the application in another environment. In other words, disaster recovery, which is another important aspect of your security plan.
Speak to a security expert about Ignite’s stack of security products and what we can do to make your business more secure.