This year, at ITWeb’s 17th annual Security Summit, the Director for Cyber Security at the University of Johannesburg, Professor Basie von Solms, alluded to the fact that small and medium-sized enterprises (SMEs) are bearing the brunt of cybercriminal activities.
While it may be true that larger corporations are the main targets of cyber attacks, recent studies have shown that the online threat for South African SMEs is sharply on the rise. This is mainly because many SMEs do not know enough about cyber security and are unaware of just how important it is for them and their business.
So, what exactly is cyber security, and why is it so crucial for South African SMEs? How can you make sure that you and your business are protected against the would-be acts of cyber criminals? Everything you need to know can be found right here.
What is Cyber Security?
Cyber Security is the protection of internet-connected systems (mobile phones, computers, data, servers, networks, etc.) from online or cyber threats. Businesses and individuals alike rely on cyber security to protect their hardware, software, and all information stored and transferred online and across their devices.
Online attacks can manifest in several ways. It is all about the intention of the cybercriminal and what they hope to achieve by accessing a business's information. With only half the population able to correctly identify any particular cyber-attack, it’s important to know the most common cyber threats facing South African SMEs today.
1. Malware
Malware is an application that is designed to perform malicious attacks. Some malware may be used to spy on your devices to gain access to valuable information, and others could give the hacker continuous access to a network. Ransomware is a popular form of malware designed to extort the victim, with the hacker encrypting your device and forcing you to pay a ransom for the decryption key.
2. Phishing
Phishing refers to a victim being tricked into giving up valuable information. A phishing attack typically arrives in the form of an email or SMS, with the attacker posing as a legitimate business or associate requesting that you confirm credentials such as passwords, bank information, and intellectual property. This cyber attack is very common as it is easy for the attacker to carry out and, unfortunately, is highly effective, with many victims unable to see past the smoke and mirrors.
3. Password Attack
A password attack is when a cybercriminal uses various methods to try to guess or ‘crack’ your password. These techniques include the Dictionary Attack, Credential Stuffing, Password Spraying, Brute-Force Attack, Keylogger Attack, and Phishing.
4. Business Email Compromise (BEC)
A BEC attack is when a specific person within an organisation is targeted, usually someone with access to financial information who can authorise financial transactions. The attacker will trick the victim into making a deposit into their own account, usually under the guise of a company or associate that the victim knows.
5. Distributed Denial of Service (DDoS)
DDoS involves flooding the target server with traffic to disrupt or end its service. The attacker uses multiple compromised devices together against a single target.
6. Man in the Middle (MITM)
With MITM, the attacker places themselves between the victim's device and the other intended party. They will then have access to all information shared between the two parties and can use it as they please. MITM attacks often happen when logging into an unsecured WiFi network or using an unsecured online portal.
7. Structured Query Language (SQL) Injection
Cyber attackers will inject malicious code into a server that uses SQL. This code will then give the attackers access to all information available on that server.
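As an added illustration of the SQL injection item above (example code, not from the original article): a lookup that builds its query by pasting user input into the SQL text, beside the same lookup written as a parameterised query, both run against a constructed in-memory table. The table contents and function names are assumptions made for the example.

```python
import sqlite3

def make_db():
    """Build an in-memory customer table (constructed sample data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customers (name TEXT, email TEXT)")
    db.executemany("INSERT INTO customers VALUES (?, ?)", [
        ("thandi", "thandi@example.com"),
        ("pieter", "pieter@example.com"),
        ("o'brien", "obrien@example.com"),
    ])
    return db

def lookup_weak(db, name):
    # Weak: the input becomes part of the SQL text, so it can change
    # what the query means.
    query = "SELECT name, email FROM customers WHERE name = '" + name + "'"
    return db.execute(query).fetchall()

def lookup_safe(db, name):
    # Hardened: the ? placeholder passes the input as data only.
    query = "SELECT name, email FROM customers WHERE name = ?"
    return db.execute(query, (name,)).fetchall()

# Constructed input that closes the quote and adds an always-true condition.
CRAFTED = "nobody' OR '1'='1"

def demo():
    """Return how many rows each lookup gives back for each input."""
    db = make_db()
    results = {
        "weak_normal": len(lookup_weak(db, "thandi")),
        "safe_normal": len(lookup_safe(db, "thandi")),
        "weak_crafted": len(lookup_weak(db, CRAFTED)),
        "safe_crafted": len(lookup_safe(db, CRAFTED)),
        "safe_apostrophe": len(lookup_safe(db, "o'brien")),
    }
    try:
        lookup_weak(db, "o'brien")
        results["weak_apostrophe"] = "ok"
    except sqlite3.OperationalError:
        # A legitimate name containing a quote breaks the weak query.
        results["weak_apostrophe"] = "syntax error"
    return results

if __name__ == "__main__":
    for case, outcome in demo().items():
        print(case, outcome)
```

The weak lookup returns every row in the table for the crafted input, while the parameterised lookup returns none because it treats the whole string as a name.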
SMEs and Cyber Security: How to Protect Your Business
SMEs in South Africa are most vulnerable to cyber attacks because they either do not invest in cyber security due to a lack of knowledge or they cannot afford to. Cyber attacks could lead to system damage, the theft of confidential and/or financial information, and compromised data. The impact on your business could be extremely detrimental. You may even incur legal fees if the virtual attack on your business led to the loss of third-party information.
It is imperative that you protect your business as best you can and safeguard it against attacks from cybercriminals. Here are some steps to follow to ensure the safety of your business's online assets:
Update Your Software
Most software updates come with upgraded security measures that are evolving alongside their cyber threat counterparts. Making sure that your device software is up-to-date will add a protective layer to your online security.
Even a basic anti-virus will detect and remove incoming threats, protecting your device and online activity. Make sure you have one installed on all your devices and keep it updated.
In the event that a threat is able to slip past your security protocols, having backups both offline and online will ensure that you can retrieve any lost data.
Make sure that your passwords are strong and not easy to guess. Do not tell anyone else your password unless it is absolutely necessary for them to have access to the same portal. Try not to write any of your passwords down. If you need a means of remembering them, use a verified password managing tool. It is also best practice to regularly change your passwords.
Two-factor authentication allows you to have an extra layer of security every time you log into a particular platform. Instead of only using your usual password, you will also be required to enter another password that is sent to your email or to your phone via SMS. Banks often use app verifications as a form of two-factor authentication, whilst apps that usually do not require a password will encourage you to create one for added security.
A virtual private network (VPN) allows you to extend your device’s private network across public networks. This means that, even if you access a public network, your device will still interact as if it is on a private network, with all the added security benefits. Be sure to invest in a good VPN tool.
Avoid Human Error
Most cyber attacks are a result of human error. This is what you can do to avoid becoming a victim: Never open attachments from unknown senders, do not click on links from unknown senders or on unfamiliar websites, avoid giving out passwords and other information via phone or email and SMS, and do not log onto unsecured or unknown (public) WiFi networks.
Avoid headaches, financial loss, and unnecessary admin by doing all you can to ensure that you and your business are secure online. Stay safe out there, Mzansi.