There’s a tendency to think that hacking is restricted to bigger corporates with valuable intellectual capital. But SMEs are operating in a highly competitive marketplace and need every possible edge. Obtaining a copy of a competitor’s price list, suppliers’ details or customer database could give an SME an enormous advantage over its competition.
When it comes to IT security concerns, most small business owners tend to think about other business areas first as a priority. However, no business operates without some form of technology in place. In fact, most business owners rely on a computer and cellphone, with tablets becoming increasingly popular. Then there is also the business server that all these devices connect to – to be able to work remotely. Looking at this picture, what is the one common aspect of all these types of devices? They all have the ability to connect to the Internet.
The Internet – the good, the bad and the ugly
While certainly the Internet can be considered a phenomenon that has changed the world, it can also be quite detrimental, especially if used for the wrong reasons. Many cyber criminals today still target consumers; however we are seeing a trend whereby businesses are now also being targeted. This is due to the enormous amount of value business data can hold.
Why SMEs neglect security
The reality is that some SMEs in South Africa do not possess the know-how and resources needed to protect themselves effectively against Internet threats:
- the subject is too complex;
- security specialists are rare and expensive; and
- Internet security is not part of the company’s core business.
Hit or myth?
There are some common myths that influence online security practices.
- There is limited cybercrime in South Africa
Cybercrime is often seen as an ‘other country’ issue. The reality is that malicious code and cybercriminal activity can originate from just about any country. This should raise security concerns for businesses, especially as they start to store more business critical data virtually. It is critical to remember that threats are the same for both virtual and physical environments and as such, protection is required.
- Attackers only target large organisations
The increasing professionalism of attackers has led to considerable changes in threat scenarios. The object of today’s attacks is no longer to infect as many PCs as possible. On the contrary, today’s attacks are mostly intended to keep the threat hidden for as long as possible and to evade the attention of the anti-virus software. The longer these take to react to new threats, the more time the attacker has to ensure that the malicious code reaches its target. As such, anyone can become a victim of cybercrime or identity theft and SMEs are no exception.
- Security gets in the way of doing business
Newer technologies and concepts, such as cloud computing, virtualisation, and smartphone devices are creating new opportunities and ways of conducting business. They are also creating more avenues for threats. Security becomes the enabler that gives businesses the confidence to know that their critical data and information is protected. As such, security should not be seen as an inhibitor, but a facilitator that allows them to realise their true potential.