If there’s one thing a cyber-criminal loves, it’s easy pickings – and what could be an easier target than remote employees? This is especially true for small businesses, which don’t always have the time or resources to secure their networks against the marauding cyber-forces.
Simply keeping your head down and hoping you don’t get hit isn’t going to cut it, warns Wynand van Vuuren, client experience partner at King Price Insurance. Cybersecurity company Mimecast’s The State of Email Security report shows that 85% of South African respondents experienced a business disruption, financial loss or other setback in 2020 due to a lack of cyber preparedness.
Fully 40% of those surveyed said their organisations fall short in one or more critical areas of email security systems, leaving employees open to phishing, malware, business email compromise and other attacks. Accenture’s State of Cybersecurity 2020 report estimates that 43% of cyberattacks target small businesses. Terrifyingly, only 14% have the protections in place to stave off an attack.
So what can small and medium-sized businesses do to protect themselves, and their remote workers?
Understand where the attacks come from
Phishing is probably one of the biggest risks facing remote workers, with attackers luring unsuspecting victims into clicking on fake links and websites through emails that appear to be official and above board. Once they have access to your system, they can install malware, which can allow them to access your sensitive information.
Ransomware is another looming threat. Sophos’ State of Ransomware 2021 report says the total cost of recovery from ransomware attacked double in the last year, from R10.7 million to more than R26 million. Recovery from these attacks can take months, with no guarantee of getting back your data.
Lock the gates and control access
Implement the best security you can afford, including firewalls, security software and malware scanning. This could also mean implementing permissions to access your systems and apps, and even blocking certain websites and apps. Make sure your anti-malware anti-virus, and anti-spyware software is updated regularly, and ensure that all employees working outside the office use secure connections.
Train your employees. Repeatedly
Mimecast’s research showed that more than half (52%) of surveyed companies said employees were unaware that cybersecurity was one of their greatest vulnerabilities – but less than half (46%) conducted any form of regular training. “It’s vital that you get all your remote workers on the same page when it comes to cybersecurity,” says Van Vuuren.
Know the risks
If unauthorised people access an employee’s system and steal client information, the company may be held legally liable, with the new Protection of Personal Information Act (POPIA) clear about companies’ obligations in this regard. Employees working on their own systems can infect the company’s systems with viruses – or even worse, other companies’ systems.
“Businesses should be reducing their risks in this regard with specific cyber insurance policies, which can protect them from the after-effects of a breach by covering the costs of data recovery, damage to computer systems and data, and disruption that results in loss of income,” says Van Vuuren.
Put cyber insurance in place
Make no mistake, cyber insurance can’t save your business from attacks – but it’s an important way to protect you from the after-effects of a breach by covering expenses for:
- Data breach, including hiring legal and forensic IT professionals to help you recover your data.
- Damage to computer systems and data.
- Disruption following a cyberattack that brings your business to a halt and results in loss of income.
- Specialist support to check if a cyber threat or attack is real.
- Financial loss and proving fraud, including financial losses resulting from fraudulent inputs into insured computer systems which have led to dishonest transactions.
“The best insurance policy is always one you never have to use. But by combining a proactive, holistic security approach with a strong cyber insurance policy, you should be well on the way to keeping your business healthy while your people are working off-site,” says Van Vuuren.