With smaller companies embracing the benefits of doing business online, it is imperative for them to gain a better understanding of the cyber-risks associated with the digital age. Quite often, business owners think that cybercriminals only target large organisations. Unfortunately, nothing could be further from the truth as we see businesses of all shapes and sizes across the world coming under attack.
Data from the Kaspersky Security Network for the October to December period last year puts Kenya in 139th position in the list of countries worldwide when it comes to the dangers associated with surfing the Web, with 12.8% of users facing web-borne threats. Additionally, almost half of KSN participants in the country (48%) encountered local threats such as malware spreading via removable USB drives and other methods, placing the country in 74th position globally for these types of offline risks.
A security breach can have significant consequences for a small business. Not only does it stand to lose financially, but often the negative impact on its brand reputation could result in the company having to close its doors. Simply put, a small business cannot afford to leave its security to chance and needs to make a serious commitment to protecting itself and its data – and become cyberthreat intelligent.
The use of mobile devices for business is becoming increasingly prevalent in Kenya and the rest of the continent. Companies are also allowing employees to use their own laptops, smartphones, and tablets to access the corporate network. And while this does improve productivity, the concept of Bring Your Own Device (BYOD) has implications for security. This puts the onus on the small business owner to ensure that not only his or her own devices are protected but also the personal devices that employees use for work.
Thousands of new malicious programmes are aimed at stealing corporate data from mobile devices. It is therefore essential for organisations to put a mobile device management system for security in place. This can include various elements such as allowing the IT department to manage all employees’ cell phones from one central point, using encryption, and controlling and protecting corporate data from malware and mobile attacks.
In addition to this mobile policy, there are other security components a small business needs to be aware of when it comes to the safeguarding of data. For example, implementing anti-malware technology to counteract software that can log keystrokes to steal login credentials or gain access to valuable information should be considered. Part of this is also to ensure that the security software is kept up to date with the latest patches and definitions.
Secondly, cybercriminals are very good at using phishing attacks to get valuable information. A business should use anti-phishing scanners in the Web browsers and email programmes of employees to reduce the risk of them being tricked into disclosing sensitive information.
Even though security software is important, the small business owner cannot ignore the human element when it comes to cyberattacks. Decision-makers are often ignorant of the realities of IT threats and the necessity of corporate security, and therefore employees are not tasked with following specific corporate security procedures.
It is therefore up to the leadership team to ensure that cybersecurity is the top priority for the business. Given the speed at which attacks occur, no business can afford to ignore putting security at the centre of its strategy. There is no alternative in the digital landscape of today.
By Riaan Badenhorst,
General Manager at Kaspersky Lab Africa.