Your Data Is At Risk Across the globe, data breaches are costing businesses - small and big alike - millions, and South Africa is no exception. Are you taking a risk your business can't afford?
Opinions expressed by Entrepreneur contributors are their own.
You're reading Entrepreneur South Africa, an international franchise of Entrepreneur Media.
Data breaches are costing enterprises an average of $1,23 million a year and SMEs $120 000 per cyber incident on average. The unfortunate reality is that these figures increase annually as we embrace the digital world and become increasingly connected.
Despite this, many decision-makers think that data security is the exclusive domain of the IT department and they do not need to worry about it. And, if you are an SME, the approach might be that those freely available anti-virus and internet security tools will be enough to keep your data safe. Sadly, this could not be further from the truth.
Technology has infiltrated almost all aspects of business today. And with more companies embracing the cloud and other hosted solutions, there is a growing awareness of the benefits of being able to access data irrespective of physical location and device used. The ubiquity of mobile devices mean employees are no longer office-bound.
The Wild West
But for all the advantages that this mobile lifestyle offers, how many have taken the time to think about effectively safeguarding their data on these devices (both business and personal)? Think about it this way - every mobile or other connected device that can access corporate data, is a likely entry point for malicious users to either compromise it, steal it, or hold it to ransom.
Now, scroll through your phone and open your security application. Scarily, many South Africans do not even have a free cybersecurity solution installed on their mobile device. This is often the same device that accesses the company network and pulls mission-critical data from the system.
The days are long gone where viruses were just bouncing balls appearing on the computer screens slowing down a system. Today, malicious software (malware) has become big business. Hackers form collectives and target companies of all sizes, across industry sectors, and from any country. They are committed to getting access to what many have likened to the "oil' of the digital world – data.
Data forms a core component of any business. Just imagine what would happen if you lost your data. Take a moment to reflect on how quickly you could recover from such a disaster and what the impact on your clients and your longevity would be.
Granted, these collectives do not quite have salaried hackers doing the dirty work, but it is fast approaching that stage. A few months ago, a well-known local insurer experienced a ransomware attack and went public with it. Think about all those companies that do not act as proactively to get ahead of the problem.
In this [digital] Wild West, it is only a matter of when your data gets compromised and not if. Are you ready for it?
Safeguarding data
Kaspersky Lab research is showing that people are starting to become more aware of the implications this could have for their businesses. In fact, 69% of respondents to our survey admit to feeling stressed out when hearing news of data breaches and the fact that companies often experience multiple breaches.
This is certainly a step in the right direction.
Sticking one's head in the sand and hoping the problem will go away never helped any business. In theory, this awakening should lead to closely scrutinising existing security policies and systems. Given how increasingly sophisticated cyber attacks have become, such an internal audit is vital to get an understanding of the safeguards that currently exist and where improvements need to be made.
But while cybersecurity solutions are obviously important, it involves something more comprehensive than that. Protecting your data is not about installing a firewall or a piece of anti-virus software. It involves a comprehensive and considered approach that takes every point of contact into the business, reviews it, and protects it.
This is where employee education forms an integral step in keeping business data safe. Social engineering remains one of the biggest threats to organisational data. Those emails that come in asking for details to be verified or files to be opened – definitely a no-go area. And when it comes to real-world threats, workers need to be educated on what to look out for. The age-old example of a flash drive being left on a desk with a file called Salaries.xsl might be too big a temptation to resist for some. Even inserting an infected drive into a computer could be enough for the hackers to take care of the rest.
New focus
Local businesses must therefore embrace a new focus on cybersecurity. Not only does this make good corporate sense, but it is essential in complying with data regulation such as the General Data Protection Regulation (GDPR) of the European Union and the Protection of Personal Information Act (POPI) in South Africa.
Being found in breach of this compliance not only means significant financial fines (that could be crippling in itself), but also reputational damage that stems from showing customers that the organisation is not committed to keeping their data safe.
So, protecting against data breaches necessitates a multi-pronged strategy that encompasses solutions (hardware and software), employee education, multi-touchpoint assessments, and ongoing evaluation to keep up to date with the latest trends.
However, no organisation can realistically be expected to manage all of this on its own. This is where trusted managed service providers in the cybersecurity environment fulfil a critical role. They can take care of all the security needs while the business can focus on meeting its strategic objectives.
It is a dangerous new digital world out there. No company is safe and even start-ups must do what is necessary to protect their data. To do any less, would be to risk the future of the organisation.