Five ways SMMEs can improve their cyber security

The harsh reality is that for SMMEs, a data breach or ransomware attack could mean the end of a business.
The harsh reality is that for SMMEs, a data breach or ransomware attack could mean the end of a business.

An overwhelming majority of cybercrimes target small, medium and micro-size enterprises (SMMEs), and yet, despite their obvious vulnerability, research shows that most of these business owners don't consider themselves at risk of falling prey to cybercriminals.

This is according to Bruce Murphy, Microsoft SA's OEM Technical Sales - design in strategist, who says this misguided belief explains why more and more unprepared organisations are left exposed, hacked and high-and-dry in the aftermath of an incident.

"With unauthorised network entry, reputation-damaging data loss and insolvency on the line, businesses can't afford to cut corners when it comes to ensuring uncompromised networks. Here are five aspects businesses should focus on if they are serious about safeguarding themselves from cyber attacks."

Small doesn't equal immunity

Murphy says that business owners should be fooled into thinking that the business is too small to be targeted, or that the digital footprint isn't significant enough. "All it takes is one employee opening a virus-riddled email for the business to suffer a cyberattack."

A recent malware deployment spree in Tennessee specifically targeted 58 small businesses, which illustrates the current trend of cyber criminals focusing on smaller communities. He says naivety also plays a role here, with a lot of small businesses bowing out of security solutions with the excuse they do not know what they need, or assuming that their current solution is secure enough.

He adds that it is the business owner's responsibility to do his or her research, and ensure that the organisation, and the people it employs, are sufficiently protected from the threats that exist today, irrespective of the business's size.

Regular updates are key

For Murphy, businesses that procrastinate over software and hardware updates, open themselves up to vulnerabilities. Ensuring that operating systems, Web browsers, anti-virus solutions, cloud systems, and all devices (including personal devices), are kept up to date, massively minimises opportunities for cyber attacks.

"As the security threats we face today are ever evolving, it is imperative that businesses set up automatic updates and manual checks for new versions of the software they use." he adds "Windows 10 is the most secure operating system available today when it's up to date, because it has built-in anti-virus, firewalls and backup softwares already installed, and leverages AI and machine learning. This means that when the operating system (OS) notices something even remotely suspicious, it'll take measures to secure your system and stop the potential threat in its tracks. Defender and security updates are released every Tuesday to ensure that no stone is left unturned as potential threats become more cunning and less obvious over time."

Employee education makes a huge difference

"I can't stress enough how important it is to educate staff on best cyber security practices, including security protocols for keeping employee, vendor and client data safe," he adds. "Also, bear in mind that a once-off education is not enough, as these kinds of threats are always changing, and employees need to be equipped with cyber security knowledge and training on an ongoing basis."

Business owners must educate and train on an ongoing basis, because the most advanced cyber security system will still fail if employees don't know how to use it properly. "Teach your staff how to identify fake emails and unsecured websites to prevent malware infection, as well as the damage-control procedures to follow should a breach occur."

Don't disable features

Most operating systems have security features and technology built in, with the intention of protecting that device from potential threats.

"For example, though the setting is often disabled by IT managers, the little box that pops up asking the user if they are sure they want to run an application, is actually preventing unauthorised access to crucial system resources, which could be extremely damaging to the business in the wrong hands. In addition to keeping security features enabled, be sure to use a secure Web browser, such as Edge, and check that no extensions can activate your device's microphone and camera to fish for information.

A cyber security strategy should be holistic

SMMEs, don't need an extensive IT department to ensure their businesses are optimally protected from data breaches and ransomware incidents. All they really need is to use modern devices with the latest OS, and more secure applications and Web browsers.

Murphy advises to avoid downloading unsecured, unknown applications, and to rather use the ones found on the system's online app store. "Additional security features, like BitLocker, fingerprint activation or facial recognition, also enhance your overall cybersecurity strategy. Plus, if you have an operating system with built-in data back-up, recovery and antivirus protection, such as Windows 10, then you won't need to spend more money on additional products."

One of the benefits of Windows 10 Pro, is that it doesn't derogate the performance of PCs as a lot of separate anti-virus programs tend to do. A business's productivity won't be affected, and it will always have peace of mind that its network is secure.

The harsh reality is that a major data breach, ransomware attack or easily-penetrable system can mean the end of a business of any size. Given that cyberattacks are becoming so prevalent and increasingly severe, it is in every organisation's best interest to prepare for the worst and implement a holistic cyber security strategy, that covers all of the bases.

Share