Small businesses in South Africa have a lot on their plate and cyber security may not always be front of mind, but there are three key things entrepreneurs can do to protect their organisations, writes Gary Turner, managing director for Europe, Middle East and Africa (EMEA) at Xero.
Recent research reflects this: PwC’s 2016 Global Economic Crime Survey found that only 35 per cent of South African businesses have an incident response plan in place. Despite this, cyberattacks are now the country’s fourth most reported crime, and a third (32 per cent) of organisations have reported being victims.
Per the South African Banking Risk Information Centre (SABRIC), South Africans lose ZAR2.2 billion (US$168 million) to cybercrime every year – and they don’t have to. With the right precautions, attacks on your systems and data can be avoided.
To protect your business and its information, keep these three things firmly in mind.
Auditing assets
Non-physical assets are just as important as physical ones, and it’s vital that you keep track of confidential data relating to your business, your customers and your employees. Do you know where the data is being stored and who has access to it, how it enters your business and how it leaves? Ensure that those who no longer need access to your systems, such as former employees, have their permissions removed.
By keeping your systems watertight, you can help eliminate digital vulnerabilities. Stay vigilant, and continually monitor your assets: complacency can lead to data leaks, among other problems.
Access and authentication
It’s important to have a robust authentication system, with layers of protection beyond simple usernames and passwords. Multi-factor authentication can be the difference between a secure network and one that’s open to attack, protecting your business from phishing or malware scams.
Usernames and passwords can be vulnerable to hackers, but with multi-factor authentication, hackers will be stopped unless they provide further information such as a unique code sent to your mobile device, or even a fingerprint. So, even if your passwords are compromised, your data will still be safe.
Implement multi-factor authentication across all of your systems – for example, if your employees access their work email on their phones, ask them to install the Google Authenticator app, which will enhance their phone’s security. Similarly a lot of software on the market, including Xero, allows users to set up two-step authentication, making their accounts more secure.
Computer cleaning
When it comes to computers, cleanliness goes way beyond scrubbing and wiping. Poor digital hygiene is an absolute gift to would-be cyber criminals and when you let your applications gather dust, they become especially vulnerable. Security is improving all the time, but companies don’t always update their software as often as they should, including their anti-virus tools.
Don’t forget to install updates as soon as they’re made available. Software as a Service (SaaS) tools typically do this automatically, and make data retrievable from an external location.
When your network is in order, it’s also worth implementing a data security policy to maintain a scrupulous level of computer hygiene. Educate staff on phishing scams and password protection – make sure they’re following best practice across all of their devices, that they regularly change their password and don’t use the same one for every log-in.
Cybercrime is on the rise and, with so much business now being conducted online, it’s essential that small business owners take precautions and foster good online security habits. Adopting these relatively straightforward measures will help protect you against costly data breaches.