Do small businesses need cyber security?

Dec 6 / Penny van der Byl
Broadband and information technology are powerful factors in small businesses reaching new markets and increasing productivity and efficiency. However, businesses need a cybersecurity strategy to protect their own business, their customers, and their data from growing cybersecurity threats.

The coronavirus pandemic has created new challenges for businesses as they adapt to an operating model in which working from home has become the ‘new normal’. Companies are accelerating their digital transformation, and cybersecurity is now a major concern. The reputational, operational, legal and compliance implications could be considerable if cybersecurity risks are neglected.

Cyber-attackers see the pandemic as an opportunity to step up their criminal activities by exploiting the vulnerability of employees working from home and capitalizing on people’s strong interest in coronavirus-related news (e.g. malicious fake coronavirus related websites).
As cybersecurity threats continue to advance, it’s more vital than ever before to assess your company’s vulnerabilities.
Cedric Nabe from Deloitte has put together a list of examples of how companies and employees can increase cybersecurity he believes that Employees working from home and using their personal computer (and even those using a corporate-owned device) should implement essential cyber hygiene practices.

These include:
Antivirus protection. Employees should be provided with a license to antivirus and malware software for use on their personal computers. Although this does not provide failsafe protection, it eliminates many low-level attacks.
Cybersecurity awareness. Staff should be briefed on best practices and procedures to regulate the sending of emails or other content to private email addresses and/or cloud storage.
Phishing awareness. Employees should be vigilant when receiving emails and should check the authenticity of the sender’s address.
Home network security. Employees should ensure that their home Wi-Fi is protected by a strong password.
• Use a VPN. Virtual private networks add a further layer of protection to internet use from home. They cannot on their own be relied upon to prevent cyberattacks, but they can be a useful barrier against cyberattack.

There are some basic cybersecurity strategies that businesses can adopt.
• Identify weak spots. All IT systems have weaknesses. Companies should run tests to identify them and patch the most critical vulnerabilities as soon as possible. This can take the form of vulnerability scanning, or various type of penetration testing exercises. Additionally hardening of components of the technical infrastructure should be performed.
• Frequent reviews. Companies should regularly evaluate cybersecurity risk exposure and determine whether existing controls are robust enough. Any new forms of cyberattack that have appeared recently should be considered during these reviews.
Renew business continuity and crisis plans. Business lines Managers need to keep their business continuity plans updated and consider cyberattack scenarios.

More advanced measures that can be taken include:
• Apply new technology and tools. Companies can use advanced tools such as host checking (a tool to check the security posture of an endpoint before authorizing access to corporate information systems) to reinforce the security of remote working.
• Intelligence techniques. Businesses should encourage proactive use of cyber threat intelligence to identify relevant indicators of attacks (IOC) and address known attacks.
• Risk management. Businesses can apply governance, risk and compliance (GRC) solutions for improved risk management. GRC solutions provide a detailed view of the company’s risk exposure and help link together the various risk disciplines (e.g. cybersecurity, operational risks, business continuity).
• Prepare for attacks. In these high-risk times, companies are advised to carry out frequent cyber crisis simulation exercises to prepare their response to a cyberattack.
Zero Trust. CISOs (Chief Information Security Officer) and CIOs (Chief Information Officer) should consider implementing a zero trust approach to cybersecurity. This is a security model where only authenticated and authorized users and devices are permitted access to applications and data. It challenges the concept of “access granted by default”.

R|M|V|A’s Cybersecurity Basics on line course has the basics for assisting you with giving you a strong foundation and understanding to ensure that your small business is protected.

In addition to the course R|M|V|A has :

A Virtual Business Mall and our Virtual Business Agency will assist in setting your business.

The VBM is just that - a virtual space where all micro and small businesses (informal or formal) can be listed (with a difference). We provide the following at VBM:
a 1-page website, showcasing your business on a functional website that your potential customers can engage with directly
Ongoing marketing of the VBM space, which means visibility for every tenant in the virtual mall
Selected businesses highlighted and marketed in the mall once a month to boost their visibility
All at a cost of only R100 per month
When you're ready to 'graduate' from the mall and become a fully-fledged, registered and ready to grow business, you can graduate to the Digital Business Agency (Digital Business Agency (DBA) www.thedba.co.za). Alternatively, you’re already a registered business that has plans to grow and prosper I the digital world.

Either way, the Digital Business Agency provides you all the necessary guidance and support to ensure that you’re successful. Take a look at the services we currently offer. Here are 4 key areas that we focus on with you as a partner:

1. Business Enablement
2. Business Visibility
3. Business Engagement
4. Business Upskilling
Please contact us to talk you this revolutionary way of learning.
Created with