Who still uses passwords like Pass.123, your spouse’s name followed by an @, or even the dreaded 1111? Or you have a strong password, but it’s written on a post-it note stuck to the bottom of your laptop? If this is you, you’re not just putting your personal information at risk – you could be offering criminals an easy way into your corporate network.
In a recent ‘State of email’ survey, more than half of the local companies that responded believe that insufficient employee awareness of cyber threats is their greatest security challenge in 2023. Right near the top of the list of common mistakes still putting organisations at risk – just below misuse of personal email – is poor password hygiene.
As the incidence of cyberattacks grows, it’s never been more critical for businesses of all sizes to move rapidly to secure their key IT systems, as well as their company and customer information, says Rochelle De Lucia, CEO of the commercial and broker division at insurer King Price.
“Just because you’re a small business doesn’t mean you’re safe. The fact is that businesses of all sizes, in all sectors, are potential targets for cybercriminals. In fact, SMEs are often the weakest link, as they don’t have the same level of protection as big companies,” said de Lucia.
A cyberattack can literally put a small to mid-sized company out of business. IBM’s 2022 Cost of a Data Breach Report says 83% of local organisations had experienced more than one breach in the last 12 months – and South Africa has the highest global probability of a repeat breach. The average cost of a breach is close to R50 million. The most common initial attack vectors include stolen or compromised credentials and phishing.
So where do SMEs start to protect themselves and their customers? While cyber insurance is becoming increasingly common among local businesses, that’s just one element of the precautions that every company should be taking. But apart from the security basics – having a firewall and enterprise-level anti-virus software, backing up data regularly – the biggest step companies can take is to create greater awareness amongst their employees.
“It’s no use spending millions on security solutions if you don’t educate your people. When it comes to security, your people are the weakest link. They click on dodgy links. They use weak passwords. They let other people use their devices at home. Your best defense is to create an active cybersecurity culture that gets everyone in the business following basic security habits,” said De Lucia.
1 Comment
Pingback: Is Hacking Your Business As Easy As 12345*? - News Online | Concnews