Stellenbosch University and the Council for Scientific and Industrial Research will host the International Conference on Cyber Warfare and Cyber Security. Photo: African News Agency (ANA)

JOHANNESBURG – There is a massive misconception that small and medium-size businesses are less vulnerable to cyber attacks and in particular email threats. The opposite is, in fact, true as they generally do not have adequate security measures in place.

If your company has internet and email you are vulnerable and every precaution should be taken to protect your business.

Large corporates can afford specialised security teams who are given responsibility for each system that the company is running. So in a large well-organised network, the company would have:

  • Extremely costly firewalls that are maintained by a security team  
  • Regular penetration and vulnerability assessments being run against the network
  • Data that is well structured and user access well controlled
  • Multiple layered email defence mechanism to ensure email is secure
  • Regular structured user training around email and cyber security and best practices

In the small to medium-sized business, it is rare to see any of these elements with adequate focus and protection. The cost of having these kinds of security measures with an in-house IT team is just simply not affordable or even feasible given the complexities of the systems required.

We have seen email threats to be the biggest threat to business, supported by data from our email security platform that cleans and filters our customer’s email. The following statistics are for January 2019 – real numbers on the email from primarily South African business customers:

  • Single Threat Messages: 8 241 780 – 62.5%
  • Multiple threat messages: 212 985 – 15.1%
  • Clean messages: 3 201 280 – 22.4%

That’s nearly 78% of received email containing security threats across over 63,000 user mailboxes.

In 2017, the phishing rate in South Africa was the highest in world, where 1 in 785 emails was a phishing attack – that’s a big problem. The very simple reason is that South Africa remains less secure than other countries like Netherlands (1 in 1 298 emails) and Malaysia (1 in 1 359 emails) and therefore highly susceptible to cyber criminals.

The two major reasons for this are education and affordability. South Africa is fairly new to the online world and is still learning about the dangers of cybercrime and they often believe it won’t happen to them.

The other reason is affordability or rather the misconception that security is too expensive. A full blown attack can seriously cripple a business, so security needs to be included in an IT budget just as with any other insurance policy.

What measures can a company put in place to protect themselves:

Email Security: Relying on your email provider to scan your email is just not sufficient, even if it is Microsoft Office 365. There are specialty email security companies that have advanced threat protection which literally dismantle your email and scan every aspect of it before putting it back together and delivering it safely to your mailbox.

Centralised and automated Patch management: Installing critical and high security patches to all network devices is absolutely critical and if we look at the WannaCry virus, there were patches available 59 days prior to the breakout - yet it still managed to have a significant impact on business.

Best in industry endpoint malware protection: Remember the bad stuff isn't only coming in via mail/internet and USB drives, devices that leave your network and harmful internet sites are massive threats

Automated backups are absolutely essential in any business: The more regularly you can back up the better. Using a backup technology that can detect ransomware is critical. Often ransomware will remain dormant for some time which means that even if you think you have a good backup it could be compromised without using the correct solution

Last but not least: A little bit of common sense goes a long way. Basic user education around how to identify threats and what to do if there is a breach need to be well communicated.

All of these components can be complicated and expensive to manage on an individual basis. However, Cloudbox offers all of the above security for a simple per user fee of R275 per month.

Justin Trent is chief executive at Cloudbox. The views expressed here are his own.

BUSINESS REPORT ONLINE