How small businesses can protect themselves from cybercrime

1 Views

Having a plan in place ensures the business can respond swiftly and effectively in a crisis.

Most businesses in the world are embracing digital transformation, and it is no different in South Africa.

However, businesses moving full-on digital have become vulnerable to cybercrime, especially small and medium enterprises (SMEs) since they do not have a big budget to protect themselves.

According to Accenture’s Cost of Cybercrime Study, 43% of cyberattacks globally target small businesses, which are often viewed as easy targets due to limited cybersecurity infrastructure.   

ALSO READ: Tips on cyber hygiene: Are you as clean as you think you are?

Underestimate cybercrime

Faiez Hartley, head of IT at Business Partners Limited says many small businesses in the country underestimate their vulnerability to cyberattacks.

“Cybercriminals exploit gaps in defences, causing significant harm that can, in some cases, lead to business closure. It’s imperative that SMEs in South Africa recognise the urgency of investing in cybersecurity.”

The cost of cybercrime on businesses

He adds that the real cost of cyberattacks on small businesses can be catastrophic. Research shows that the average cost of a data breach is estimated to be R53.1 million.

Apart from the immediate financial losses, businesses can experience downtime after a cyberattack, which could result in loss of customer trust and potential legal ramifications.

“What is often overlooked is the long-term impact on customer relationships and brand reputation. A breach can lead to a loss of confidence from both consumers and business partners, which is often very hard to regain.”

ALSO READ: Watch out: scammers clone social media and websites to steal from you

Consequences of a data breach

Hartley adds that for SMEs, the consequences of a data breach can be devastating due to having to manage the costs of the incidents. This can include costs attached to the data breach investigation and possible fines, especially under the Protection of Personal Information Act (POPIA).

“Verizon’s 2023 Data Breach Investigations Report highlights that 74% of breaches involve human error, often stemming from a lack of employee training or awareness about cybersecurity best practices.”

He says that small businesses tend to overlook cybersecurity training, leaving them vulnerable to phishing attacks – one of the most effective methods hackers use to infiltrate organisations.

ALSO READ: Cyber extortion: Ransomware results in R140 million loss for SA companies

No business is too small to be affected

He says no business is too small to be affected. The smaller the business, the more devasting the impact of a cyberattack can be.

“Many SMEs believe they are too small to be targeted by cybercriminals, but this couldn’t be further from the truth.” He advises small businesses to invest in cybersecurity, but he also emphasises that effective defences don’t have to be expensive.

“It is an investment, but basic measures such as firewalls, anti-virus software, and regular system updates can go a long way towards protecting a business from cyber threats.”

Strong culture of cybersecurity

“One of the most critical aspects is employee training. Introducing multi-factor authentication instead of just a password and providing regular training sessions that teach staff to recognise phishing attempts and identify suspicious online activity can significantly reduce the risk of human error leading to cyber breaches.”

He advises SMEs to have a well-defined incident response plan.

This plan should outline the steps to take in the immediate aftermath of a cyberattack, including who to contact, how to reduce damage, and how to inform affected stakeholders. Having this plan in place ensures the business can respond swiftly and effectively in a crisis.

NOW READ: Danger of sharing customers’ data without permission