As the global community recently commemorated the United Nations’ ‘Micro-, Small and Medium-sized Enterprises Day’ on June 27, Kaspersky is calling on SMEs across Africa to rethink their approach to cybersecurity.
Whether a tech startup, small bakery, or a plumber, SMEs are reliant on either a computer or smartphone for some aspects of their business. The possibility of having data and systems compromised by cybercriminals is something that can have potentially devastating consequences for any SME, as reiterated in the latest Kaspersky Threats to SMB report.
SMEs are significant contributors to economic growth and employment for many African nations. In fact, across sub-Saharan Africa there are upwards of 44 million micro, small, and medium enterprises (MSMEs) which constitutes over 90%² of all enterprises and accounts for most jobs across the region.
Whether it is leaving passwords on sticky notes, or sharing them between employees, not having backups in place or lacking cybersecurity protection entirely, SMEs often neglect this essential part of their business. Even small businesses with limited IT resources still need to protect all their working devices and company data from cyber threats.
“Cybercriminals are already way ahead of the curve, so much so that virtually every organisation will experience a breach attempt at some point. Our ongoing research continues to demonstrate how the cyber threat landscape is expanding, and no one or enterprise is beyond reach. These enterprises must therefore see cybersecurity not as a choice, but a necessity in the digital age,” says Bethwel Opil, Enterprise Client Lead at Kaspersky in Africa.
In fact, the latest Kaspersky Threats to SMB report shows that the number of SME employees globally encountering malware or unwanted software disguised as legitimate business applications has remained relatively steady year-on-year (2,478 in 2023 compared to 2,572 in 2022), and cybercriminals are persisting in their efforts to infiltrate these businesses. Fraudsters are employing a multitude of methods, including exploiting vulnerabilities, employing phishing emails, deceptive text messages, and even utilising seemingly harmless YouTube links, all with the aim of gaining unauthorised access to sensitive data.
Furthermore, according to the Kaspersky report, the total number of detections of these malicious files aimed at SMEs globally during the first five months in 2023 reached 764,015. Exploits were the most prevalent threat to SMEs, accounting for 63% (483,980) of all detections.
To navigate the complex cybersecurity landscape, Kaspersky shares five must-have suggestions every SME should consider:
- Endpoint Security:A key vulnerability in many businesses is the endpoint – the laptops, smartphones, and other devices that employees use every day. Endpoint Detection and Response (EDR) technology is designed to protect these access points from potential cyber threats, keeping data safe. A SME’s EDR may include tools like advanced detection engines, real-time analytics, and the ability to hunt, investigate, and centrally respond to evasive threats across the protected infrastructure. There should be applied threat intelligence and visibility into endpoints.
- VPN (Virtual Private Network):A VPNenables a secure connection over the Internet, protecting data from cybercriminals and hackers. For SMEs who have employees working remotely, a VPN is essential to maintain secure connections. These solutions are especially useful when using public Internet connections, such as in coffee shops, airports, or guest houses which can be vulnerable to hackers. A VPN gives users a secure connection which separates hackers from the data they are hoping to steal.
- Cybersecurity awareness training:Education is the first line of defence. Continuous cybersecurity awareness training can significantly reduce the risk of successful cyberattacks. Employees who can identify phishing scams, use strong passwords, and follow secure online practices are valuable assets in the ongoing fight against cybercrime. This is where a series of interactive trainings through solutions like the Kaspersky Automated Security Awareness Platformcan be a good starting point to instil in employees the importance of cybersecurity and give them advice and recommendations.
- Backups:Backups ensure that in the event of a cyberattack the business can recover quickly and with minimal disruption. Backups should be performed regularly and stored off-site or on the cloud for maximum protection.
- Cloud security:As more SMEs embrace the cloud, securing these environments is critical. Using a trusted cloud service provider and employing cloud-specific security measures to protect data is something that SMEs must understand is non-negotiable. A SME is still responsible for getting their data into the cloud and they need to take the necessary steps to keep it safe while doing so.
“The digital landscape is complex and always evolving. By focusing on these five critical areas, SMEs can protect themselves and their customers from a significant number of potential cyber threats. Cybersecurity is an investment that pays off by safeguarding a company’s reputation and customer trust,” Opil concludes.