During the past two years all businesses, and in particular small enterprises and entrepreneurs had to not only change the way they do business but also the ways in which they protect their business assets, including their digital and data assets.
Philippa Wild from Santam says, “Apart from the obvious impact of COVID-19 on businesses, another C-word – Cyber Security – has become more and more important, particularly for small businesses.”
According to the KnowBe4 African Cybersecurity & Awareness Report 2021, 32% of respondents were affected by cybercrime while working from home and one third of these attacks were social engineering, which proves the increased importance of managing cyber threats effectively.
With the forced transition to a digitally seamless world and a higher acceptance of e-commerce; as well as the premium on consumer data driven in part by POPIA legislation, cyber security has become a focus for many companies.
According to the Santam 2021 Insurance Barometer Report, cyber risk is now widely recognised as a global emerging risk, with 40% of Small Medium Enterprises surveyed relying on free anti-virus software for cyber protection and up to 27% not backing up their data.
In the same report, it was found that 45% of commercial intermediaries ranked cybercrime as their third-highest business risk with 36% of small businesses ranking it their fourth-biggest risk.
Wild explains, “Contrary to popular belief, cyber threats are not limited to big corporations and governments. Compared with larger companies, however, many small businesses have fewer resources to dedicate to cyber security which leaves them vulnerable to the ever-evolving tactics of cyber criminals.”
Dealing with the consequences of a cyber-attack can be seriously detrimental to a business’s bottom line, costing up to half a million or even more in some instances. It is clear that it is important to protect your business from cyber-attacks, but the truth is, some business owners aren’t sure how.
To help in this regard, Santam’s cyber security team developed the following tips to help small businesses owners navigate the world of cyber threats:
1. Evaluate online systems:
System vulnerabilities are how cyber criminals get in. If there is any weakness whatsoever, hackers may pounce and capitalise on it. As such, business owners should have a complete understanding of their I.T. ecosystem.
They should also understand where their data lives and what type of data is stored.
2. Study and implement best practices:
Even without the resources of larger companies, small businesses can create a defence that discourages cyber criminals from carrying out their attacks by implementing basic security and digital hygiene practices, such as:
- Installing firewalls to prevent unauthorised access to the firm’s networks.
- Using antivirus software and ensuring that it’s updated regularly.
- Regularly backing up data and storing it offline or in another location (not just in the cloud).
- Fostering a strong password culture.
- Introducing multifactor authentication, which asks for two identifying factors, like a password and a code, to access accounts and systems.
3. Empower and train employees:
Business owners and their employees are often the first line of defence in protecting the business from cyber-attacks. In fact, according to the 2022 Global Risks Report by the World Economic Forum, 95% of cyber security issues can be traced to human error.
Thus, investing in basic cyber security consulting and training can help employees at small and medium enterprises identify common threats, such as phishing emails or suspicious downloads. This also helps develop online best practices, like safe browsing and strong passwords.
With more employees working remotely or in different office locations, it’s particularly important for firms to create and review cyber security policies for the business, including safety guidelines and what to do in the event of a data breach.
4. Cybersecurity insurance:
Regarded as the final and possibly most important line of defence, cyber security insurance can help protect a business from financial losses caused by incidents such as data breaches, ransomware attacks and hacking.
Wild says, “The reality is that when it comes to starting a small business, new owners have many decisions to make and often leave cybersecurity measures by the wayside.”
This is a massive risk, which of course is something that Santam understands. As such, the company offers bespoke cyber insurance cover that is specifically curated for businesses that employ up to 100 people with a turnover of up to R20 million.
The four areas covered include:
- Data breach and restoration: After a breach, the business may incur legal costs and pay damages to third parties. This extension provides cover for legal defence costs and damages if the case is unsuccessfully defended.
- Third party liability: This covers your business against any claims that your clients or intermediaries make towards your business should they experience a cyber-attack on your system.
- Business interruption: The offering is designed to assist small to medium business owners to get their business back on track after a breach.
- Cyber extortion and cybercrime: This extension helps get businesses running as soon as possible after a cyber-attack and manages the financial implications because of the ransomware.
Wild concludes, “The best way to protect and manage any risk is to get business insurance that is tailor-made to suit your business needs and operations. As the largest insurer in South Africa, Santam wants to partner with small businesses to cater for their unique insurance needs and threats of which cyber-attacks are becoming more and more prominent.”
*For more information on cyber insurance, please visit www.santam.co.za