Q: Most SMEs don’t consider their business to be vulnerable, what evidence from Africa disapproves this mentality?

A: In our experience smaller companies often adopt the attitude of ‘this won’t happen to me’ (referring to an IT security risk) – as for them, it is more important to spend their time and effort running a profitable business, and rightly so. However, this is a risky viewpoint to take. No company – no matter its size - is safe from cyber threats.

Today cybercriminals are getting smarter in their attacks. They are targeting perceived vulnerable companies. In fact, over the years, as broadband has become readily available in Africa, general threats (like ransomware, financial fraud, etc.) have increased. Threats focused on businesses (from vulnerabilities in corporate software and cyber espionage aiming intellectual property, to targeted attacks) are also on the increase.

Often users don’t take precaution measures unless they face the threat and unfortunately lose their time, money and data as a result of the cyber security incident. This is not a good stance. There are different threats out there, for example according to our Kaspersky Security Network (KSN) statistics for April-June 2015 overall 14.7% of KSN participants in Kenya faced web-borne threats, and 39.7% faced local threats (USB, flash drives, local networks).

Q: Why should cyber security be at the top of a small businesses priority list?

A: The cost of an IT security breach/incident can be devastating to a small businesses’ reputation and can result in loss of earnings and business closure. Business processes standing still, fraud costs, securing intellectual property, reputation costs and customer-support expenditures are just a few reasons why SMEs cannot afford to leave security to chance.

Q: Which cyber threats are common among small businesses?

A: SMEs can fall victim to a wide number of threats, including phishing, malware on removable devices, online banking threats, data loss (via mobile devices) and the threat of the Bring Your Own Device (BYOD) policy. It is thus essential that SMEs put the right IT policy, as well as security solutions for their server, PCs and mobile phones in place, from the start. This will not only help curb cybercrime, but will also give companies peace of mind that their data is protected against any attack.

Q: A quarter of small businesses think that cyber security is too expensive to implement. How can this attitude be changed? 

A: While security can be expensive to implement, it is important to realize that having the right IT security processes in place will help a company in the long-term and as a result can save a company many unnecessary costs. Small businesses however often find themselves choosing between cumbersome and expensive "corporate" security, or "consumer" security not designed for their business needs while they need simple, reliable, practical solutions that are easy to use and offer good value. Kaspersky Lab is always ready to support SMEs on the types of products best suited for their organization and IT budget - as we believe that it’s important that SMEs know that there are solutions available to them that will assist them with their security.

Q: How can a small business protect itself in a cost effective way?

A: Small business can protect themselves from cyber threats by examining the following:

•Anti-malware technology - Malware can make use of your computer resources, can block access to your files or, for example, contain keystroke logging, which means criminals are able to steal login credentials and gain access to valuable information. As such, companies need to make sure to have effective security solutions installed and all software is up to date.

•Anti-phishing scanning - when criminals become aware of poorly defended third-party sites that are of value to them, they can use a businesses’ login details to gain access to the site. However, by using anti-phishing scanners in browsers and email, it can decrease the chance of users being tricked into disclosing their login credentials.

•Change of passwords – Employees should constantly change their passwords on their PCs and smartphones.

•Educate your employees – Kaspersky Lab urges companies to constantly educate themselves and their employees to the realities of cybercrime and to make sure that they are always cautious about cyber threats.

Q: What kind of cyber security protection is applicable for small businesses?

A: The protection should be efficient, it should secure all possible threat vectors and be easy to implement and manage. With this in mind we have created a special product for organizations of up to 50 employees - Kaspersky Small Office Security. It offers them enough protection without providing a costly solution. Kaspersky Small Office Security 4 includes, among others, the following features:

•Enhanced protection from all known, unknown and advanced threats.

•A new cloud-based management console – that lets business owners or their IT advisers easily manage IT security and devices from anywhere, using web browser.

•New cloud-based password management – that stores critical company login details and enables users to have a different, unique password for every secure site, across all devices, while only needing to remember one master-password.

•Security for financial data – that protects online business and personal transactions from financial fraud. This includes improvements to the award-winning ‘Safe Money’ module

Q: Most SME operators are not techno and cyber security savvy hence vulnerable to cyber-attacks. What measures can Kaspersky put in place to address this?

A: We believe awareness is important, and for that reason we share our research findings, warnings and advice. So SME owners should from time to time update themselves on emerging cyber security risks and steps that should be taken to avoid them, and share this knowledge with their employees. For example, an accountant should understand that not all attachments are safe to open even if the mail seems to be from a new bank that is offering new services. One shouldn’t automatically cancel the security programme blocking a link from the e-mail without considering while this warning popped up. A sales representative’s tablet should be under password and its loss should be reported as soon possible so that customer data can be remotely wiped from it. 

Q: Can small businesses survive the information age with free anti-virus solutions – if not why?

A: Free anti-virus solutions are better than nothing, however, users, especially business owners, shouldn’t have deceptive feeling of complete safety with them as they offer limited protection. Free products provide “good enough” protection rather than strong protection found in premium products. Additionally, when dealing with any future infections or other malicious activity on their machines, users may quickly learn that any virus removal programmes and support are most often paid. To put it in short: you get what you pay for. Having the right IT security in place means peace of mind, and time to focus on business growth in key areas.