A recent survey by cybersecurity firm KnowBe4 (www.KnowBe4.com) has uncovered a concerning gap in security practices between small and large businesses. The study, which polled 2,600 IT professionals, found that 62% of small and medium-sized enterprises (SMEs) do not use multi-factor authentication (MFA), compared to only 38% of large corporations.
This disparity in cybersecurity measures comes as cyber threats are more prevalent than ever. With SMEs increasingly becoming targets for cybercriminals, the need for robust security practices has never been more critical.
“The cost of not implementing cybersecurity measures can be far greater than the cost of implementing it,” warns Anna Collard, SVP Content Strategy & Evangelist at KnowBe4 AFRICA. She emphasises a cyberattack can lead to financial losses, legal fees, loss of customers, and even business closure. “Investing in basic cybersecurity is like investing in insurance—it’s essential to protect your organisation’s future.”
Easy targets
SMEs are increasingly falling victim to cyberattacks because of their perceived vulnerability. “Small companies often have weaker security measures in place compared to larger corporations,” Collard explains. “They might not have dedicated IT staff or the resources to implement robust cybersecurity defences.”
She adds cybercriminals are opportunistic and prefer to go after easy opportunities. “Small businesses might not prioritise cybersecurity, which makes them even more vulnerable. Even non-profit organisations, such as schools and universities, are being targeted.”
Collard cites an example of a small legal firm hit by a ransomware attack. “They had no back-ups of their critical files and their data was held hostage,” she says. “The firm ended up paying a ransom to recover their files, which was extremely costly.”
The damage extends beyond immediate financial losses. “This kind of disruption can harm customer relationships and your reputation,” Collard notes. According to estimates, ransomware attacks can lead to recovery costs that are 10 times higher (https://apo-opa.co/3Zcp0ZG) than the amount demanded by cybercriminals.
To strengthen their defence against cyber threats, SMEs should focus on these four essential strategies:
1. Know your assets and protect them
Investing in basic cybersecurity is like investing in insurance—it’s essential to protect your organisation’s future
“The first thing to do is to create an asset inventory for your organisation,” Collard advises. “You need to understand what information assets are critical to your ongoing operations and how they could be at risk. Understanding the level of risk impacts how to protect them with relevant security software and processes.”
Even though some businesses may baulk at the cost of cybersecurity, she says many measures are low cost or even free. “There is a great privacy and data security toolkit (https://apo-opa.co/4fJ1s4k) targeted at South African SMEs released by the Department of Communications and Digital Technologies and the British High Commission, UK Foreign, Commonwealth & Development Office (FCDO) (https://apo-opa.co/3YLW6OI).” This tool helps with the right approach and provides access to important and cost-effective resources such as anti-malware, patch management and other critical security software solutions for SMEs.
2. Implement MFA
Multi-factor Authentication (MFA) strengthens security by requiring multiple verification methods. “This adds an extra layer of security, making it harder for attackers to gain access to systems and sensitive data,” Collard explains.
Beyond a password, MFA may involve a code from an app, a personal question, or biometric checks like fingerprints. “MFA reduces the risk of account takeovers and data breaches,” she says. “For optimal effectiveness, it should remain user-friendly, while being resistant to phishing attempts.”
3. Do regular back-ups
Another effective cybersecurity strategy is to perform back-ups of your organisation’s files frequently. “All critical data and systems should be backed up regularly and stored securely, preferably off-site or in the cloud,” Collard asserts.
This is essential to ensure your business can continue operating in the case of a cyber-attack. “It was because the legal firm didn’t back up their data that they had to pay the ransom the cybercriminals demanded.”
As well as backing up files, your organisation should regularly update software to ensure vulnerabilities are patched. “It’s also vital to have reliable antivirus software to protect your company from malware and other threats,” she adds.
4. Train your employees
Having staff who are familiar with cybersecurity best practices and use strong passwords is essential, especially given that many companies use remote workers. “Educating employees is a powerful weapon against cybercrime,” states Collard. “It means they are more likely to recognise phishing or other social engineering attempts quickly.”
She gives the example of a small e-commerce business that invested in regular employee training and implemented MFA across all its systems. “When they were targeted in a phishing attack, the employees recognised the threat and reported it, preventing any breach,” she comments. “Their proactive approach to cybersecurity saved them from huge losses.”
By implementing these four strategies, SMEs can significantly improve their cybersecurity posture and protect themselves against the growing threat of cyberattacks. “As the KnowBe4 survey highlights, there’s still much work to be done in bridging the security gap between small and large businesses,” Collard concludes. “However, with the right approach and resources, SMEs can enhance their defences.”