No business falls below the cyber-criminal radar
A global challenge
Cyber security is a global challenge. The British High Commission is committed to helping South Africa create a secure, peaceful, free and open cyberspace, as this is vital to prosperity and growth. At the start of this year, the UK published a new National Cyber Strategy as part of our commitment to prioritising cyber-capacity building assistance in Africa to improve our international partners’ capabilities for investigating and disrupting cyber-threats.
In South Africa we have cemented our collaborative partnership through our first ever government to government Cyber Dialogue in 2021. This partnership allows us to discuss areas of common interest like the contribution of cyber to sustainable development, combatting cybercrime, cyber-governance and cyber training, skills and education.
One thing that has been clear is the essential requirement to equip businesses with the knowledge and resources to be more resilient to cyber-attacks. We have also developed a toolkit for use in schools. For businesses we identified a specific need to support small, medium and micro-enterprises (SMMEs). They make a significant contribution to South Africa’s prosperity, but have historically not had the resources to protect themselves.
This is why we collaborated with the Cyber Security Hub at the Department for Communication and Digital Technology to develop a Cyber Security and Data Protection Toolkit specifically for SMMEs, so they can understand which risks are most threatening to their business and help them determine the mitigation measures they should undertake. It uses recognised best practice and free open-source tools to help the busy business owner navigate this often unfamiliar and overwhelming subject.
Cyber-threats to SMMEs
The average person usually treats physical security seriously. After all, few of us would go out and leave their front door open, or even unlocked, because we want to protect our property. But too many people fail to understand that when it comes to cyber security, passwords are our front-line defence, and a failure to implement a strong password is the digital equivalent of leaving the front door to our businesses unlocked.
Cyber-threats have been around for decades, but in the post-pandemic world, the dangers posed by these have multiplied exponentially. This is mostly due to the expanded threat surface created by so many more people working remotely, outside secure corporate networks, moving business and social activities to the online world.
In particular, the rapid rise of ransomware has created significant challenges around the globe, with numerous recent high profile cyber-attacks utilising this method. In addition, we have seen a huge increase in spam, phishing and whaling emails, and even the use of phone calls and texts, trying to fool users into giving away their personal information.
We know that SMMEs are less likely to have their own IT security team but the need to put in place an effective strategy to keep cyber security top of mind remains. Even in larger organisations, there is a misconception that security is the domain of the company IT specialist, when it fact it is the responsibility of every person in the business and should be thought of like any other business risk
SMMEs, however, are particularly at risk, because many such business owners view themselves as being ‘below the radar’ of criminals, due to their size, or the feeling that they don’t have anything worth stealing. This is not the case, as merely having an online presence is enough to make you a target. After all, once your data is online, it holds value to criminals, simply because this is the lifeblood of your business. They can steal it to extort a ransom from you to get it back or they can simply sell the information you hold for a profit on the dark web. This practice is repeatable and scalable so even a reasonably small payment you might make, done hundreds of times? You get the picture.
Be serious about security
It’s important to note that taking security seriously is not only safer for your business, but it also demonstrates to your employees, board members, and customers that you are aware of, and do have a strategy in place for dealing with, cyber-security risks. The builds confidence for both the consumer and the potential investor in your business. Trust is key to building a thriving business
Effective cyber security practices that significantly reduce the risk do not need large IT teams or fancy and expensive software. Focus on getting the basics right. Staff that a warned of the dangers and the methods used by criminals to infiltrate an organisation’s network
Here it’s about training them to recognise potential threats, and to adopt security best practices. In essence, you need to drive a culture of cyber-security within the business. And this focus on ‘security culture’ goes double for SMMEs, who are ultimately even more at risk.
Remember that the vast majority of successful attacks come down to basic human error - even security specialists have been known to occasionally fall for a well-engineered phishing mail. The key to driving a strong security culture is not to focus on apportioning blame, but rather on creating awareness.
So the first step is to make sure staff are more alert around the need for strong passwords or multi-factor authentication (MFA), and the need to regularly change these.
See yourself in cyber
My final message this Cyber Security Awareness Month, reflects this year’s theme of ‘See Yourself in Cyber.’ We want more business owners to understand that there are bad people out there who believe they have something worth stealing.
In both this month and beyond, then, the best advice is to ensure you stay aware and put the advice in the Toolkit to good use. Stay focused and utilise strong passwords or even implement MFA and, most crucially, pass your cyber security knowledge on to others. The more cyber security champions the world has, the more difficult it will be for the bad actors to achieve their nefarious goals.