Digital transformation is happening as companies, including small businesses, strive to conform to modern digital practices to have an edge over their rivals. Some of these practices cut across the use of IT equipment and leveraging the internet to advertise a business and sell products/services online. Also, it is obvious that the internet has spurred business opportunities and gains, but it has its fair share of setbacks in the form of cyber risks. Every passing day, businesses are subject to intrusion from cyber criminals who attempt to get away with information, money or corporate sabotage. Thus, it is insanely paramount to put measures in place to mitigate these concerns and use the internet gainfully whilst protecting an enterprise.
In 2017 alone, up to 45 percent of micro/small businesses identified cyber security breaches or attacks in their premises. Among the 45 percent, 37 percent needed new measures to thwart future breaches, 33 percent needed more staff time to deal with attacks, 23 percent reported that intrusions stopped employees from performing their daily tasks and 19 percent said that breaches saw further recovery or repair expenditure.
According to AON Kenya, small enterprises can keep their businesses safe and evade online risks by implementing basic, yet powerful measures. In a nutshell, this encompasses getting basics right (using strong passwords, as well as up to date antivirus definitions and the ability to detect phishing attempts), deploying a risk management approach and embracing cyber essentials.
What small businesses need to know about cybersecurity
Generally speaking, cybersecurity emphasizes on protecting computer-based devices and data from unauthorised access, theft or modification. In turn, a robust cybersecurity platform bolsters the reputation of the institution practising it, which, by extension, opens new business channels and opportunities.
Notably, many local small businesses have adopted extensive use of the internet to meet their trade needs, which range from adverts, venturing into new business grounds, communication with clients and suppliers, carrying out financial transactions, to mention a few. While these gains are admittedly worthwhile, small businesses need to understand that they can never find a totally safe cybersecurity solution. However, this does not translate a lost cause because most online intrusions can be stopped or detected with ordinary security measures that include safe internet practices by employees, as well as underlying processes of IT systems. At the moment, these practices are critical in business setups. Small business owners must recognize that online security has to be managed in the same manner they would protect other crucial aspects of the entity. Thus, it is more of a business requirement as clients and suppliers demand security.
Meeting basic requirements
Often, cybersecurity basics are universally known, yet people tend to not taking them seriously. It should be known that taking simple actions and practising safe behaviours has the ability to cut chances of falling victim of online threats significantly. Some of these basics include downloading software updates as soon as the pop up on IT equipment, using strong passwords (lower and upper-case letters, numbers and special characters), deleting suspicious emails as well as use of updated antivirus tools.
Perhaps, the most underrated and unexploited security approach to thwarting cybersecurity issues is training employees to practice safe internet usage because the previously mentioned requirements are useless if your staff doesn’t have a fine grasp of online security.
Implementing a risk management solution
It is imperative that small business owners understand that their information is at risk, and so is their reputation, IT equipment and other internet-related services. Ideally, a business, be it micro or small purposes to transform itself into a larger organization, which makes the process a threat to rivals. In the same line of thought, these are institutions that have multiple forms of information such as customer databases, customer lists, financial details for the company and clients, future prospects, product designs and fabrication processes, to mention a few. If this information were to fall on wrong hands, then a premise would succumb to sabotage. In other words, there is greater risk to information technology services and information wherever they are stored, be it the cloud or local storage.
In regard to who could pose a threat to the mentioned assets, the list cuts through existing or past employees, as well as people a small business intends to work with. In this case, information can be compromised though negligence, accident or sheer malicious intent. Others include cyber criminals who want to disrupt a business or steal. Also, some business competitors are culpable in a bid to have a competitive edge.
Attacks or threats could be in the form of authorized access to electronic devices, remote attacks or unlawful access to information through current employees. If any of these intrusions are successful, small businesses risk financial losses in the form of theft of financial information, bank details or money. Financial losses could also be manifested in the form of disruption to trading and meeting business needs. Some of these cases go public, and owners can lose their business from bad publicity. It is even more expensive to patch and repair damages.
So, how can these issues be managed?
Well, planning comes to mind. Small businesses must acknowledge that their trade could be a target, and this gives them a heads-up on the level of risk it has to counter. Secondly, it is mandatory to know if your premise needs to comply with local personal data protection legislation, which differ from one region to another. Additional planning programs include identifying sensitive financial and information assets, as well as critical IT services. IT equipment is must be assessed, which include understanding what risks they are exposed to, how they are managed and stored, and who has access to them. Further assessment incorporates the level of password protection that is needed to get access to online services by customers, suppliers and employees. Afterward, owners must evaluate the robustness of awareness training for staff. Also, it is critical to consider persons or institutions to turn to in case of an attack. Lastly, it is important to understand the benefits of cyber insurance in protecting small businesses from cyber threats.
These plans must be implemented, which involves putting the right security controls in place. Security controls include malware protection, network security, secure configuration and managing user privileges. By the same token, these controls must be monitored to identify erratic behaviour.
Lastly, business owners must take steps to review their security and respond to changes.
In sum, most of these concerns are covered comprehensively by insurance companies such as AON Kenya, which has highlighted the importance of having an insurance cover for IT and online solutions for businesses because cyber-attacks are not going away any time soon, but can be mitigated nonetheless.