Small and medium-sized enterprises (SMEs) can improve their cybersecurity by focusing on three aspects, namely empowering their personnel through regular training, ensuring that the information technology (IT) department has visibility across the business and staff have secure access, and ensuring that all systems and information are regularly secured and patched and updated to prevent the exploitation of a security gap.

Reports show that almost half of attacks occur on SMEs. In recent research conducted by Liquid Telecom, just over half of the South African and Kenyan businesses surveyed have experienced a cybersecurity threat during the Covid-19 pandemic, information and communication technology solutions provider Liquid Telecom Cloud Services group head Winston Ritson said in a statement on October 19.

"A good place to start for any business, but particularly SMEs, is with your people. They are your first line of defence. Empower them to act as a human firewall. Conduct regular training – either through your IT department or through an external consultant who can show them what potential threats look like and how to be smarter when interacting online.

"Repeat the training regularly to remind them and keep cybersecurity top of mind. Your systems can be as secure as possible, but if your staff are inadvertently revealing passwords or information that could make guessing that password easier, then it won’t matter how advanced your technology is," he said.

The second step is to ensure the IT department has visibility across the business and secure staff access. Put measures like regular changing of passwords in place, disable downloads of untrusted software and applications and ensure that employees’ personal devices (if they are using them to access company networks) are secure as well.

The third step is to ensure that systems and information are secured on a regular basis, he added.

"Your IT department needs to ensure updates and patches are run regularly on machines to prevent potential back doors being accessed. The reason software companies release updates is because more often than not, they have been alerted to, or identified, a potential security threat in their software and the patch is there to close that gap.

"If possible, engage with a service provider that can manage all your cybersecurity requirements so that everything integrates and interconnects correctly. In taking these steps, you will be better protected from potential threats," said Ritson.

As evidenced by multiple reports in the media, cybersecurity threats have increased during the Covid-19 pandemic.

“Africa is being used as a target and as a camping ground for malicious actors out there who are using virtual private server- (VPS-) hosting providers to host their attacking infrastructure and servers. This has massive implications for individuals and businesses across the continent,” says cybersecurity enterprise Anomali threat specialist Andrew de Lange.

Anomali is one of Liquid Telecom’s cybersecurity partners.