Why Africa's SMEs must beef up security
Why Africa's SMEs must beef up security
Security experts believe growth within Africa's SME segment means that small business are becoming more prone to attacks by cybercriminals. Security is often not considered a priority focus, despite these businesses housing valuable data.
According to the 2014 Global Corporate IT Security Risks survey, conducted by Kaspersky Lab and B2B international, although businesses realise that their customer's personal information (25%), payment requisites (13%) and trade secrets (12%) are among the top priorities of their information security needs, they tend to still take very basic protective measures, relying, for example, on free anti-malware products.
ITWeb Africa spoke to Bethwel Opil, channel sales manager at Kaspersky Lab, East Africa, to get his take on the situation and what it means for the market going forward.
CHRIS TREDGER: Can small businesses survive the information age with free anti-virus solutions?
BETHWEL OPIL: I don't believe that free anti-virus software is efficient enough, especially for businesses. Creating highly efficient comprehensive solutions that secures from current and future cyber-threats requires expertise and input from professionals, who of course need to have their salary for the work they do. After efficiency, security updates and IT support are also in question regarding free software. When dealing with any future infections or other malicious activity on their machines, users will often learn that any virus removal programmes and support are most often not free.
Technology is expanding at a fast pace, which is great for productivity in the workplace, but can be detrimental to SMEs if they do not have the right security in place. A free anti-virus solution is not nearly enough protection for a company as it only offers a certain level of security – giving the organisation minimum protection – not expansive enough to protect confidential company information.
SMEs need to identify the level of security they need, dependent on the company's workforce and IT structure, and implement the right security into their company – security that will fit their budget and effectively protect them from cyber threats.
CHRIS TREDGER: Are SMEs in Africa paying enough attention to security and addressing critical requirements?
BETHWEL OPIL: When it comes to IT security concerns, most small business owners tend to think about other business areas as a priority first. The reality is that many SMEs in Africa do not possess the know-how and resources needed to protect themselves effectively against Internet threats. Often, they feel the subject is too complex, that security specialists are rare and expensive and, as internet security is simply not part of such companies' core business, it tends to be neglected.
In addition, as a market, Africa is a lot less mature when it comes to Internet penetration and as such, small businesses often see cybercrime as a global problem – neglecting to understand just how serious this is in Africa too.
This means that small businesses need to realise the importance of - and educate themselves around cybercrime, but, even more importantly, they need to exercise heightened online vigilance, consider IT security when running their business and determine how to best protect themselves and their company information.
CHRIS TREDGER: Which regions in Africa are the most proactive when it comes to cyber security, which are the least?
BETHWEL OPIL: As internet usage in Africa continues to increase, so the internet security breaches being reported have increased too. The reason for this is the fact that as more broadband is made available to the African market, more businesses are embracing the digital world - often making them an ideal target for cybercriminals. The same can be said throughout many African countries, where broadband development is currently happening at a fast pace.
In light of this, Kaspersky Lab has created a presence in a number of countries, including South Africa, Kenya, Nigeria, Cote D'Ivoire to help address security issues in the region. We have found that these countries are well aware and proactive around cybercrime and are really starting to take this seriously.
We also work closely with other countries, for example, recently Kaspersky Lab has signed a memorandum of understanding with the National Agency of Digital Infrastructures and Frequencies in Gabon (ANINF is the Gabonese government agency responsible for implementing a digital development strategy in the country), with which we started cooperating in IT Security.
With regards to the least proactive, I would say Namibia and Ghana. Over the last few years, they have experienced a number of cyberattacks in their countries which has left them very vulnerable to hackers and indicates that they are perhaps not as prepared with regards to cyber security as they should be.
CHRIS TREDGER: Cost remains a challenge for SMEs, right?
BETHWEL OPIL: Cost is a huge challenge for SMEs in Africa, as often budgets are very limiting. Where cost is a barrier to adoption, it is important that solutions are available to these African markets – making it more affordable as well as providing a real solution that meets the increasing security demands within these companies and regions, accordingly.
CHRIS TREDGER: How much of the budget should a small business allocate to security? and what is the minimum level of protection that should be acquired?
BETHWEL OPIL: We feel that in light of increase of broadband in Africa, SMEs should allocate a sufficient amount of budget to security, as they will, in the long-term, save money by not being vulnerable and falling victim to cybercriminals. However, every SME is different and as such, there is no cut and dry cost that can be identified – rather one should look at what their business functionality online is and would be in a couple of years and from there, decide on the right solution for their business.
As SMEs today have to contend with the uptake of BYOD, which has created waves in Africa. Small business owners now not only have to make sure their server is protected from cyber criminals, but also have to worry about smartphones and tablets that are used to carry business information which can be easily lost or stolen. With this in mind, SMEs should look to have good protection and security in place for all their endpoints – server, computers and for their employee's mobile devices.
CHRIS TREDGER: What kind of cyber security protection is applicable for small businesses?
BETHWEL OPIL: The security solution should be easy to manage and be effective in securing organisations from IT threats. Unfortunately small businesses are often choosing between cumbersome and expensive "corporate" security, or "consumer" security not designed for their business needs...while they want simple, reliable, practical solutions that are easy to use and offer good value.
CHRIS TREDGER: Why should cyber security be at the top of a small business priority list?
BETHWEL OPIL: Security should be a priority for small and medium-sized businesses from day one, as the cost of a breach can be devastating and result in not only loss of earnings, but business closure. Business process stand still (i.e. the need to pass on taxes when some ransomware has blocked all the files on accountant's computer), fraud costs (i.e. when account is stolen upon making some payment), securing intellectual property, reputation costs and customer-support expenditures (i.e. if a database is leaked) are just a few reasons why SMEs cannot afford to leave security to chance.
CHRIS TREDGER: Which cyber threats are small businesses most susceptible to?
BETHWEL OPIL: SMEs can fall victim to a wide number of attacks relevant both for consumers and businesses, such as phishing websites and spam, malware on removable devices, online banking threats, data loss, via mobile devices, IT discipline and productivity, that includes social media use among their employees.
CHRIS TREDGER: How can a small business protect itself in a cost effective way?
BETHWEL OPIL: SMEs can undertake a number of steps which form a kind of security conduct', among them are the following:
• Have security software in place, have it updated as well as all other software – the security incident can cost a lot more.
• Educate your employees – make sure that your employees are aware of the realities of cybercrime, as negligent employees are the most common cause of data breaches.
• Have strong passwords – urge yourself and your employees to have strong and regularly updated passwords, not use the same password for all their accounts. Have passwords on mobile devices.
• Back it up - small businesses can lose data as well as money in a cyberattacks or even simple hardware break. So it's important to make regular back-ups.
• Be attentive while making online financial transactions, be attentive to social engineering tricks, such as letters with attachments pretending to be real invoices or messages from banks.