5 Tips to Strengthen SME Cybersecurity

As the world marks the United Nations’ ‘Micro-, Small-, and Medium-sized Enterprises Day’ today, June 27, Kaspersky is urging SMEs across Africa to reconsider their approach to cybersecurity. Whether a software startup, a small bakery, or a plumber, SMEs rely on a computer or a smartphone for some aspects of their operations.

As stated in the current Kaspersky Threats to SMB study, the possibility of cybercriminals compromising data and systems can have potentially disastrous effects for any SME.

Many African countries rely heavily on SMEs for economic growth and job creation. In fact, there are around 44 million micro, small, and medium companies (MSMEs) in Sub-Saharan Africa, accounting for more than 90% of all enterprises and the majority of jobs in the region.

Whether it’s putting passwords on sticky notes or sharing them around employees, not having backups in place, or not having cybersecurity protection at all, SMEs frequently overlook this critical aspect of their operations.

Even small businesses with limited IT resources still need to protect all their working devices and company data from cyber threats.

“Cybercriminals are already way ahead of the curve, so much so that virtually every organisation will experience a breach attempt at some point. Our ongoing research continues to demonstrate how the cyber threat landscape is expanding, and no one or enterprise is beyond reach. These enterprises must therefore see cybersecurity not as a choice, but a necessity in the digital age,”

says Bethwel Opil, Enterprise Client Lead at Kaspersky in Africa.

In fact, according to the most recent Kaspersky Threats to SMB report, the number of SME employees globally encountering malware or unwanted software disguised as legitimate business applications has remained relatively stable year on year (2,478 in 2023 compared to 2,572 in 2022), and cybercriminals are continuing to infiltrate these businesses.

Fraudsters use a variety of tactics to acquire unauthorized access to sensitive data, including exploiting vulnerabilities, sending phishing emails, fraudulent SMS messages, and even seemingly harmless YouTube links.

Furthermore, the overall number of detections of these malicious files intended at SMEs worldwide during the first five months of 2023 totaled 764,015, according to the Kaspersky analysis.

The most common danger to SMEs was exploits, which accounted for 63% (483,980) of all detections.

To help businesses navigate the complex cybersecurity landscape, Kaspersky offers five must-have recommendations:

1. Endpoint Security

The endpoint – the computers, smartphones, and other devices that employees use every day – is a critical vulnerability in many firms. Endpoint Detection and Response (EDR) technology is intended to safeguard data by protecting these access points from potential cyber threats. Advanced detection engines, real-time analytics, and the capacity to seek, investigate, and respond to elusive threats across the protected infrastructure may be included in a SME’s EDR. Endpoint visibility and threat intelligence should be implemented.

2. VPN (Virtual Private Network)

A VPN offers a secure Internet connection, shielding data from fraudsters and hackers. A VPN is vital for SMEs with remote staff to ensure secure communications. These techniques are especially beneficial while using public Internet connections, such as those found in coffee shops, airports, or guest houses, which can be hacked. A VPN provides customers with a secure connection that separates hackers from the data they wish to steal.

3. Cybersecurity awareness training

The first line of defense is education. Continuous cybersecurity awareness training can reduce the likelihood of successful cyberattacks dramatically. Employees who can recognize phishing scams, maintain strong passwords, and adhere to secure online habits are vital assets in the ongoing battle against cybercrime. This is where a series of interactive trainings delivered by solutions such as the Kaspersky Automated Security Awareness Platform can help to instill the importance of cybersecurity in employees while also providing advice and recommendations.

4. Backups

Backups ensure that the business can recover swiftly and with minimal inconvenience in the case of a cyberattack. Backups should be conducted on a regular basis and saved elsewhere or in the cloud for best security.

5. Cloud security

As more SMEs adopt cloud computing, safeguarding these environments becomes increasingly important. SMEs must recognize that using a reliable cloud service provider and implementing cloud-specific security procedures to secure data is non-negotiable.

A SME is still in charge of moving their data into the cloud, and they must take the appropriate precautions to keep it safe while doing so.

“The digital landscape is complex and always evolving. By focusing on these five critical areas, SMEs can protect themselves and their customers from a significant number of potential cyber threats. Cybersecurity is an investment that pays off by safeguarding a company’s reputation and customer trust,”

Opil concludes.

Kaspersky invites all SMEs to take action on ‘Micro-, Small-, and Medium-sized Enterprises Day’ by reevaluating their cybersecurity measures, investing in their future, and ensuring they are contributing to a secure and resilient digital Africa.

inDrive Appoints Mark Loughran as Group President

Top 50 Finalists for 2023 Edition of Africa’s Business Heroes Prize Competition