This week plays host to Safer Internet Day, and while the focus is to ensure the internet is a safe environment for children in particular, local SMEs should also look to ensure their cybersecurity is up to snuff.
This is the firm belief of Heino Gevers, customer success director at Mimecast, who recently unpacked a four point checklist for African SMEs to consider when it comes to cybersecurity.
Are you cyber resilient?
“If large organisations are at risk, small businesses – which don’t have fully resourced in-house security teams and large security budgets – are at even higher risk,” says Gevers.
He explains the email remains a high priority target for cybercriminals, with 50 percent of global organisations said to have seen an increase in email phishing attacks during the past year.
“It might seem like a hopeless situation, especially when we tell businesses to assume that they will be attacked eventually. But that’s the current state of the security landscape and our best defence is to be prepared with a well-developed and tested cyber resilience strategy,” he explains.
So what should SMEs keep in mind when developing their cybersecurity strategy?
The four-pronged plan
In terms of having the right elements in play, the first that Gevers highlights is communication as it pertains to how quickly you react to a breach or attack.
“Once you realise you’ve been hacked, you need to inform staff and other affected stakeholders of the breach immediately,” stress the director.
“Prepare an honest media statement, outlining what you know about the attack (without implicating the business), who is affected, and what you’re doing about it. Communicate immediately, not one week after the incident,” he advises.
Next is end-user awareness, with Gevers explaining that once a breach has occurred, it should be viewed as an opportunity to educate your employees. He also notes that breaches should not be the only occasion where staff should be instructed on better cybersecurity habits.
“Regular cybersecurity awareness training should form part of your cyber resilience strategy,” he says.
“Security awareness training should be interesting and relevant – we’ve found that videos and humour work best to get the message across. Your end-users need to know what your strategy is – and their role in it – in the event of an attack,” adds Gevers.
Once your staff is being regularly educated on cybersecurity, the following step is durability as Gevers terms it.
This refers to, “an effective backup, recovery, and failover plan to ensure your staff can still work and access mails while the breach is addressed,” the director points out.
Failure to do so will have a detrimental effect on downtime for the business, with an estimated 60 percent of SMEs who have experienced a cyber attack being forced to close their doors six months later due to a poor backup plan.
The final piece of the checklist is a question that SME needs to ask themselves. Can you recover all emails and data from the moment you were attacked, as well as get your operations back up and running quickly?
Recoverability is therefore an important element for SMEs to consider, and requires having a plan in place which can quickly answer the above questions.
Ending, Gevers notes that a cyber resilience strategy is not something that should be thought about every six to 12 months, but needs to be tested and refined on an ongoing basis.
“Regular testing allows you to adapt your strategy to stay ahead of new and evolving threats and will help keep security awareness top of mind for everyone,” he concludes.
[Image – CC 0 Pixabay]