We have become accustomed to putting security measures in place in our everyday lives. We have alarms and cameras on our premises; we employ security guards; and let’s not forget that extra press on the car key to ensure the car is properly locked.
Exercising caution is necessary in our modern world, and equally so for small business owners who work hard to run their businesses and keep them going. Any threat to the security of a business, its property, people and clients cannot be ignored.
One in every three South African small to medium-sized enterprises (SMEs) is targeted by cybercriminals, so vigilance shouldn’t be limited to physical access alone. We need to become hypervigilant with our digital security too, as cyber threats increase.
John Dalton, Head of Engineering at Lula, mentions that small business cybersecurity is one of the main pillars of any SME.
“The cybersecurity risks for small businesses should not just be thought of as something that happens to other businesses, but rather need to be recognised and mitigated as far as possible before any cyber attacks occur.”
A cyber attack may cost a business money if bank accounts or payments are compromised. Other consequences to consider include the loss of reputation and clients, and possible legal repercussions.
Fortunately, investing in a cybersecurity strategy for your SME can help to avoid the worst-case scenario when the time comes. But before you do that, it helps to understand what the risks are so that you can invest in the necessary security measures.
Cybersecurity Risks for Small Businesses
Cyber attacks are deliberate attempts to gain unauthorised access to a digital device, platform, network or system with the purpose of stealing, manipulating or destroying data. This can be business data, customer data or other vital data to the business.
SMEs are easy targets for cybercriminals because there are a lot more SMEs than there are large corporations. Some of the most common cyber attacks SMEs should be aware of include:
- Phishing: when a hacker pretends to be someone legitimate and sends emails or messages containing malicious links, in order to trick people into sharing sensitive information like bank account details and PINs or to gain access to your computer system.
- Invoice fraud: victims are convinced to transfer money or change banking details in order to pay fake invoices. Criminals often impersonate service providers with whom their victims have previously interacted.
- Ransomware: criminals hack into databases and encrypt or remove them only to release them once a hefty ransom is paid.
- Social engineering: by obtaining personal information on social platforms, criminals impersonate someone in order to build trust and gain access to information.
- Distributed denial of service (DDoS): disruptions to online services or sales can occur if criminals flood a business website with so much traffic that it becomes unusable.
- Insider threats: these occur accidentally or intentionally when staff members give away sensitive data. For example, uploading a company document to convert its format may inadvertently leak proprietary information.
In the same way that one wouldn’t risk physical theft by leaving the house front door unlocked, small business cybersecurity practices need to be put into place strategically.
Where there is a potential entry point to a database or operating system of a business, it’s important to put procedures in place to determine:
• what may be accessed;
• who may have access;
• why they have access;
• how they have access;
• where they access proprietary and sensitive data; and
• how the access is recorded.
A lack of formal workflow policies that guide the strength of passwords, the security of devices (especially those used for remote work) and the installation of antivirus software leaves businesses vulnerable to attack. Diligence in securing your business’s digital assets with access controls and sound reporting procedures will go a long way towards protecting your business from potential threats.
Why Small Businesses Need Cybersecurity
Business operations may be brought to a lengthy standstill. In the case of ransomware attacks, business data is captured by criminals and information or systems required to run a business, for example booking systems, will be inaccessible. Without these systems in place, a business may lose days of potential revenue.
Should customer information be leaked as a result of negligence on the part of an SME, victims may be able to claim compensation under the Protection of Personal Information Act (POPIA) in South Africa, which could cost the business even more money.
What is probably more damaging than financial loss is the loss of trust in the business. Clients who have been the victims of a data breach may end business ties, warn others against a business, or even publish negative reviews online. The damage done to the brand and reputation of a business is very difficult to repair.
In order to safeguard the long-term survival of a business, planning for the worst-case scenario is vital. Here’s how you can prepare for the worst.
Actionable Cybersecurity Tips for Small Businesses to Apply
Dalton advises four key considerations when putting security measures in place:
1. Set up secure authentication procedures
Verifying the identity of someone before granting them access to data can be done through passwords, one-time PINs or biometric verification like facial recognition or fingerprint recognition.
For client access to secure systems:
Where clients are able to access secure systems, ensure that authentication is always required, especially considering that clients may access these databases or share personal information using public networks or unsecured Wi-Fi networks or internet connections. For example, when accessing Lula’s Business Bank Accounts on the Lula app, biometric verification is enabled for ease and security.
For employee access to secure systems:
Where employees need to access secure systems, implementing a means of verification like a secure password is crucial. If passwords are used, strong and unique passwords are important. Using the same password across devices or platforms increases the risk of a data breach.
Tools like passkeys allow for verification without passwords: they are stored on devices or in the cloud and protect your accounts from phishing attacks.
2. Train your staff to identify threats
Train employees regularly to keep up to date with cybersecurity threats. Equip your staff with the knowledge to identify phishing scams and install antivirus software.
3. Have back-ups in place
Data replication or back-ups are also key. They ensure that business-sensitive information is recoverable in the event of a ransomware attack. Back-ups should be conducted regularly and saved on devices or servers that are separate from the databases used on a daily basis.
4. Implement IRPs and DRPs
Incident response plans (IRPs) and disaster recovery plans (DRPs) should be in place as part of a healthy cybersecurity strategy. These govern how a business will manage cyber attacks.
IRPs focus on how a business will react while a cyber attack occurs. This may include identifying any breaches, contacting appropriate support teams, and taking steps to isolate relevant systems.
DRPs rely on back-up data and other critical data in order to bring systems back online, with relevant login credentials. Details like the names of team members needed to manage the situation, as well as timelines for recovery, should be considered.
While not every security breach can be prevented, ensuring that these areas are covered can help to prevent substantial damage.
Secure Digital Banking for Your Business
Considering the risks that exist in the digital world, it goes without saying that choosing a safe and secure business banking platform for your business is key. Lula’s business banking platform has appropriate protocols, like biometric authentication, in place to lower the risk of common cyber threats.
You can benefit from Lula’s Free Bank Account which offers ease, security and efficiency. Established and growing businesses have the added benefit of unlimited free EFTs with Lula’s Unlimited Account.
Both accounts offer 1.5% interest on your balance, with access to digital business banking features like Payment Controls and Multicompany. With the Unlimited Business Bank Account you get dedicated support from a business relationship banker to help guide you every step of the way. Learn more about our digital banking solutions and how to open an account with us to keep your money safe.
Mitigate Risk to Safeguard Your Business
Cyber threats are no longer peripheral. They are daily occurrences that SMEs cannot risk ignoring. By implementing sound policies and security measures, your business can have the resilience necessary to thrive in the digital age.
Making sure your banking platform is secure is part of this resilience. Learn more about how our Lula Free and Unlimited Business Bank Accounts make this possible and how we make cash flow.