Pandemic highlights need for cyber risk management in SMEs
If small and medium businesses had little appetite for cyber risk management before the coronavirus pandemic, they may have developed one now. Mobilising remote workforces, provisioning the right set of tools, managing the flow of data, keeping it secure and controlling who has access to what has likely caused disruptions and headaches at best. At worst, lack of cyber risk management has caused companies to grind to a complete halt.
Douw Gerber, Business Development Manager at leading South Africa-based managed IT security services company, Securicom, says lack of cyber risk management is a factor in the higher incidence of cyber related fraud among small businesses during the lockdown. Citing Verizon’s Business 2020 Data Breach Investigations Report, he says about a third (28%) of data breaches this year has involved small businesses.
“There are no controls in place to manage access to and the share of information. Backups don’t happen when they should. Cyber security tools aren’t updated as they should be. Employees are using unsecured devices to do their work. People are using third-party apps to complete tasks. There is no segregation of duties. Appropriate actions aren’t taken when security incidents happen. The list goes on.”
Gerber recognises that the IT function in the average small to medium-sized business ranges from a one-man band scenario to a small team that performs a range of tasks, one of which happens to be IT. Without concerted management, small businesses are at a disadvantage when it comes to deciding how to go about investing in IT, what tools they need and how they should be provisioned, managed and governed. The result is bad IT spend, tools that don’t get used to their max, poor security and more risks.
He stresses that cyber risk management should form part of the overall risk management strategies of every business.
“The work-from-home scenario that has burgeoned in the wake of the COVID-19 pandemic has dramatically increased companies’ exposure to cyber-related threats. Companies are not in control of their data or the devices that employees are using to access company resources. When employees use their own unsecured devices for work, they make for a perfect gateway or point of attack on company networks.
“Companies should know who and what devices are accessing their networks. Restrictions should be placed on what information can be accessed, and employees need to understand what they are and why they are there. It is all part of risk management.
“We are in a rapidly changing world where technologies are evolving all of the time in increasingly complex operating environments. The coronavirus pandemic and the plummeting economy are making doing business more challenging than ever. It is becoming increasingly important for small and medium-sized companies to strategically position ICT to build resilience and competitive advantage.”
Securicom provides best-in-industry, cloud-based Managed IT Security Services to address the increasing and ever evolving security threats that businesses face. Its partnerships with leading, global technology providers, combined with extensive experience in building and delivering locally hosted security services, ensure that its partners and customers can benefit from state of the art IT security, regardless of their size or number of users. Securicom’s solutions include email, endpoint and web protection, network security and cyber security monitoring. Securicom has offices in Johannesburg, Cape Town and Namibia; and has customers across the globe. For more information on Securicom, please visit www.securicom.co.za.