Nigerian SMEs are constantly under cyber attacks because cybersecurity has been framed, sold, and communicated in a way that makes it feel like a problem for large corporations, government agencies, and banks, cybersecurity consultant and founder, UltEnterprise, Bolaji Edu has said.

In a report titled: “Why Nigerian SMEs Keep Getting Hacked and What the Owners Will Not Admit”, he explained that Nigerian SME owners are diligent, hard working.

However, he kicked against limiting cybersecurity services big corporations because every business is at risk of attacks.

He said: “The question is not whether your business is big enough to be targeted. The question is whether your data is valuable enough to steal. For most businesses,it is”.

“There is a conversation I have had many times with small business owners, and it follows a predictable pattern. I ask about their cybersecurity.

“They tell me they have antivirus software. I ask about their staff. They tell me their people are sensible. I ask about their backups. There is a pause. Then they change the subject,” he stated.

Edu further explained that SMEs are the backbone of the Nigerian economy, employ the majority of the working population, generate a significant share of GDP but are one of the most poorly secured groups of organisations on the continent.

He disclosed that cybercriminals do not sit down and choose which company to attack the way a hunter chooses a specific animal.

“They run automated tools that scan thousands of businesses simultaneously, looking for weaknesses. When a weakness is found, they exploit it. The size of the company is irrelevant. What matters is whether there is something worth taking and whether the door is unlocked,” he said.

He added that for Nigerian SMEs, there is almost always something worth taking.

“Customer data including names, phone numbers, and payment information. Supplier relationships and pricing information. Employee records. Banking credentials. Email access that can be used to redirect payments or impersonate the business owner in fraud schemes.

“Business email compromise, where an attacker gains access to a company email account and uses it to redirect payments or conduct fraud, is one of the most financially damaging cybercrimes affecting Nigerian businesses. It does not target large corporations primarily,” he said.

He identified password reuse, unpatched software, absence of backups and inadequate access control as major vulnerabilities that SMEs need to address to guard against cybersecurity attacks.

He said that when business owners think about the cost of a cyberattack, they tend to think about the immediate financial loss.

“The money stolen in a fraud. The ransom paid to recover data. These are real costs and they can be devastating. But the full cost of a breach extends further and deeper than most owners realise until they are living through it.

“There is the operational disruption. A business that has been hit by ransomware does not just lose data. It loses the ability to function. Systems are offline. Employees cannot work. Orders cannot be processed. Deliveries cannot betracked. For every day of disruption, revenue is lost and relationships are damaged,” he added.

On why do so many Nigerian SMEs remain exposed, he said: “I have thought about this carefully and I believe cost perception, absence of a concrete incident and a lack of trusted, accessible advice.

“Nigerian SME owners are not short of hustle or intelligence. What they are often short of is access to practical, honest cybersecurity guidance that speaks directly to their situation.”

On what the SMEs should do, Edu advised them to turn on two factor authentication for your email, create a backup of their most critical data and store it somewhere separate from your main systems.

An external hard drive kept off site and list every person who has access to your business systems and remove access from anyone who no longer works for you or no longer needs it, among others.

“None of these actions requires a large budget or specialist knowledge. They require discipline and fifteen minutes of attention. For most Nigerian SMEs, doing these five things would close the majority of the vulnerabilities I find when I carry out a formal assessment,” he said.

“The cybercriminals targeting Nigerian businesses are not waiting for organisations to get serious about security before they attack. They are running their tools today, finding the unlocked doors, and walking through them. The question for every Nigerian SME owner is not whether they can afford to take cybersecurity seriously.

“It is whether they can afford not to. The businesses that will still be trading and growing in five years are the ones that treat digital security with the same seriousness they give to physical security, financial controls, and customer relationships,” he concluded.

Wasiu Alli is a business, economics cum data journalist with strong expertise covering macro trends, capital markets, government policies, corporate earnings and comparative economics analysis. Alli turns raw data into trends that not only tells compelling stories but nudges investors to make valued and informed decisions. He’s an alumnus of Lagos State University and trained at Lagos Business School. He formerly heads the Companies and Markets desk at BusinessDay where he writes and supervises the production of well researched articles on earnings updates, corporate sectoral comparisons, market intelligence as well as interviews with C-suite executives.

Join BusinessDay whatsapp Channel, to stay up to date

Open In Whatsapp