As the world becomes increasingly digital, companies are becoming more vulnerable to cybercriminals.
Cyber-attacks can be defined as unauthorised attempts to access, corrupt, or delete companies’ sensitive data.
As a small business owner, it’s easy to think that hackers and cybercriminals aren’t interested in your company’s information. After all, cyberattacks on big companies are usually the only ones that make the news. Because of this, many small businesses don’t have a cybersecurity plan, making them easy targets for cybercriminals.
The Veeam Data Protection Trends Report 2022 uncovered that 86% of South African organisations suffered ransomware attacks, making cyber-attacks one of the single-biggest causes of downtime for the second consecutive year.
To protect against cyber-attacks, it’s important to understand best practices for keeping your company safe online.
What are the biggest cybersecurity threats for businesses?
Businesses face a wide range of cybersecurity threats, including:
- Phishing scams: When cybercriminals try to get sensitive information like passwords and usernames, customer information, or credit card numbers by pretending to be a trusted, known source in online communication.
- Spyware: An attempt to obtain information about a person or business without their knowledge. This information could then be sent to another organisation without permission, or the cybercriminal could take control of the device.
- Malware: Malicious software that infects users’ computers with viruses, worms, trojan horses, or spyware. This frequently damages the device and renders it unusable, at least temporarily.
- Ransomware: Malicious software that holds a company’s computer or data hostage and threatens to release it or restrict access to the device unless a ransom is paid.
By far the most serious cybersecurity threat to businesses is fraudulent emails. In fact, the 2022 State of Email Security report revealed that more than three out of every four South African organisations were receiving an increased number of email-based threats.
How can a cyberattack impact my business?
Businesses should also be aware of cyber threats such as viruses, spyware, and malware, as well as people impersonating the company or its employees in online communications and ransomware.
In addition to material losses (of data, files, or systems), cyber-attacks can have an impact on a company’s resources because staff must focus on dealing with the issue and implementing a new security system. Employees may be unable to complete their daily tasks as a result of the incident. Cyber-attacks can also harm a brand’s reputation, cause client and customer loss, and impact the company’s service quality.
If the cyber-attack results in a data breach, companies could face heavy fines.
Fortunately, the most damaging types of cyber-attacks can be avoided by properly training employees. Employees should understand how to avoid phishing scams, best password security practices, how to respond to fraudulent emails, and other cybersecurity fundamentals.
What links are safe to open?
Even if the link was sent by someone you know, you should always question its trustworthiness. By clicking on a malicious link, you risk infecting your computer with a virus, spyware, or malware.
There are a few red flags to look for when evaluating a link. Shortened links, for example, are frequently used by malware distributors or phishers (those who run phishing scams) to conceal the true destination of the link.
Additionally, links containing a string of strange characters, such as “% “, or links from unsolicited emails should be avoided.
Is it possible to get a virus just by opening an email?
While opening an email can occasionally infect your computer, email attachments or links pose a far greater risk. When you click on email attachments or links, viruses, trojan horses, or worms may be activated.
Never open an attachment sent by an unknown sender. If you receive an email with an attachment or link from a known email address but were not expecting it, it is best to contact the sender and confirm the email’s validity. Hackers can easily gain access to email accounts and then send infected emails to the account user’s contact list.
Is it safe to use public Wi-Fi?
More employees work remotely these days, including from coffee shops, shared workspaces, or other public places with free Wi-Fi.
Because man-in-the-middle cyber-attacks (when an unauthorised individual views or accesses your private information as it travels from your computer to a website) are extremely common on unsecure networks, public Wi-Fi should not be trusted for sending, receiving, or working on sensitive corporate information.
Man-in-the-middle attacks are similar to online spying. When working in public places, remote employees should use a VPN (virtual private network) or 4G for a more secure connection.
Tips for staying safe online
Staying safe online doesn’t have to be difficult or expensive. A few simple security measures could keep your company safe from cyber criminals and allow you to use the internet freely.
Here are the basic security precautions that every company should include in their cybersecurity policies.
Stay safe in the cloud
Cloud technology allows remote employees to share, send, and access real-time data from any location at any time. It also allows companies to automate administrative tasks, such as payroll or invoices, saving time and money. Like any online platform, it’s important to maintain a sense of cybersecurity awareness when using the cloud.
To prevent most cloud-based security threats, companies should have policies for employee access and encrypting data and should encourage proper vigilance and training.
The advantages of cloud computing are endless, but especially the ability to ensure that data is adequately protected and recovered quickly, thereby minimising downtime. In fact, 67% of South African businesses are already utilising cloud services as part of their data protection strategy.
Choose a strong password
While most of us are aware of the dangers of weak passwords, few of us actually use strong ones. Best practices say that passwords should be changed often and never used for more than one account.
According to Google, a strong password should include a combination of letters, numbers, and symbols. You can also substitute numbers or symbols for letters. Gettowork, for example, becomes G8t2w0rk, and taking the first letter of a longer sentence, such as “The Duke of York had 10 Thousand Men,” becomes TDoYh10TM.
Not only do these formats improve password security, but they also make passwords easier to remember. To ensure that employees only use strong passwords, you can set password requirements on company devices and software.
In addition to standard passwords, two-factor authentication (also known as 2FA) can be used to protect business accounts. Because it involves sending a code to a trusted device, such as a mobile phone, this provides a higher level of security. This code must be entered in order to access the system or account, making account hacking nearly impossible.
Use antivirus software
Antivirus software should be installed on all devices. Scams, malware, spyware, and ransomware are all protected by antivirus software. Some programmes even backup important documents to facilitate recovery.
To choose the best antivirus software, consider the size of your network or the number of devices, the features offered by different packages, and any special requirements your company may have.
Companies with more than ten devices should consider investing in a business security solution to help protect the entire network. It is always preferable to pay for antivirus software rather than download a free version from the internet.
Steer clear of pop-ups
Pop-ups are, at best, annoying, but at worst, they can be dangerous. Pop-ups can lead unsuspecting users to click on dangerous links or download virus-infected files. Some pop-ups, known as scareware, may even claim to have discovered a virus on your computer and request payment to remove it.
Accepting this service, however, may result in the installation of additional malware on your computer. To avoid accidentally clicking on an unsafe link or setting your internet browser to block pop-ups entirely, always close pop-ups using keyboard controls.
Backup and encrypt data
All corporate data should be backed up on a regular basis. This way, even if your computer becomes infected, blocked, or corrupted by a virus or malware, you can still access critical business data. Data should be stored in a secure location, such as on blockchain, cloud solutions, or offline.
Under POPIA regulations, any company that collects or processes personal data on their employees and customers is required to legally protect that data. Data must be encrypted using either ‘privacy by design’ or ‘privacy by default’ measures, rendering the information unreadable to anyone who does not have the appropriate decryption codes.
What to do if you’ve experienced a cyberattack
If you suspect a data breach or cyber-attack, you must act quickly. Data breaches can be time sensitive, so failing to respond immediately may have far-reaching consequences for your company. Contact your IT support at the first sign of a cyber-attack. They’ll be able to assess the situation, identify the root cause, and put a plan in place to correct or contain it.
If the breach involved a data leak of customers’ personal information, you must report the breach in accordance with POPIA regulations. Certain breaches must be reported to the information regulator, and depending on the severity, customers may be notified as well.
If you determine that the breach does not require reporting, you must still document the circumstances and provide valid evidence to support your decision.
After the breach has been addressed and reported (if necessary), you must carefully examine your company’s cybersecurity plans. In most cases, you’ll need to improve your online security and better train your employees to protect yourself from future cyber-attacks.
There is an urgent need for organisations that are not yet in the cloud to accelerate their cloud strategies because it provides the best, and arguably only, way for them to recover data quickly—in addition to the business and service efficiencies that would be unlocked.
Data protection and recovery are important parts of a modern strategy for data protection. They prevent hackers from trying to hold an organisation hostage or delete data, and they also provide a safety net in case an employee deletes something by accident.