• Tuesday, July 23, 2024
businessday logo

BusinessDay

Cybersecurity for SMEs

Implementing policies to mitigating security risk in organizations

Many small businesses believe they are totally safe from cyber threats because they are small. In a study by Sidmach Technologies, in 2018, 60% of organisations in the country suffered cyberattacks and 43% were targeted at SMEs. In reality, Cybercriminals have realized that small businesses tend to have poorer security practices, making them more vulnerable. Understanding basic cybersecurity functions and taking necessary precautions go a long way to reduce the risks of a breach.

Forms of Cyberthreats

a. Social Engineering

Hello Sir, my name is Paul calling from your bank. There is an issue with your account.

We have all gotten calls like this. This is a social engineering attack. This occurs when an attacker tries to trick you into giving up confidential information over the phone or in person for criminal purposes.

b. Spoofing: Here, the attackers disguise communication as a known and trusted source. The attacker takes on a familiar identity like a boss, family or colleague and tries to secure the confidence of the target in order to obtain personal information or spread malware.

c. Email Phishing: Phishing schemes often use spoofing techniques to get targets to take the bait. It then provides a link to a website where the target enters sensitive personal information.

d. Ransomware: Recently, a friend was trying to download a Corel draw crack from the internet but once he launched it, every file on his system became encrypted. He got a message instructing him to pay $900 to unlock his files. This is a typical ransomware attack. This is Data kidnapping for ransom. Unfortunately, there is no assurance that you will be able to access your files after payment or they won’t do further damage to your data.

e. Human error: A lot of times, humans are the weak link. About 35% of security incidents are a result of human error. Many security incidents can be avoided if people could be more security conscious.

Read also: Insurers seek effective monitoring, implementation of 2021 budget for growth

Cybersecurity incidents have far reaching impacts on businesses including but not limited to: Information theft; Financial losses; Repair Costs; Regulatory sanctions and fines; Reputational damage and; the domino effect which occurs through damage to other businesses that are connected to you.

Including Cyber Insurance in your security budget is a necessity. It covers the recovery and replacement of lost data, lost income etc. An insurance cover is not a substitute for implementing robust security protocols; it just helps to mitigate the damage to your business after a security incident.

One common feature of SMEs in Nigeria is the use of POS. It is important to take certain precautions to protect your customer’s data before accepting any kind of card payment. Some of these steps are: Process and store the data on secure platforms; Control and limit access to your payment systems; Limit data collected and stored by not retaining customer’s data for long; Develop an inhouse policy for processing data.

It is also important to develop an incident response plan, which is a step by step breakdown of what the business should do when faced with a security incident. A good plan should identify and isolate the attack; Determine the nature of the attack; Discover the extent to which the system is compromised; Attack and eliminate the threat; Review the attack and put in place better security measures; Notify the necessary authorities.

While reading this article to gain knowledge about being cyber secure is a step in the right direction, it should be noted that every business model has its peculiarities. It is therefore important you sit with a security professional to develop the security plan that best suits your business.

Oloni is a student at the Nigerian law school, Abuja campus and Udoh is a 400 level law student of Obafemi Awolowo University.