Six cybersecurity tips for small businesses to implement.
With two of the busiest seasons for retailers approaching, businesses, especially small and medium enterprises (SMEs), have been warned to beef up their cybersecurity, as this is when cybercriminals are eyeing to do the most damage.
John Dalton, head of engineering at Lula says one in three SMEs are falling to cyberattacks. He advises small businesses to treat digital security with the same seriousness as physical security
“SMEs are particularly vulnerable to cybercrime because they often have fewer resources than large corporations to dedicate to cybersecurity,” he said.
Dangers of weak cybersecurity on businesses
As businesses head into the busy end-of-year period, including Black Friday and the festive trading season, robust cyber defences are more critical than ever to safeguard transactions, customer data and business continuity.
Dalton adds that cyberattacks can cripple a business both financially and operationally. “From phishing scams and ransomware to insider threats and invoice fraud, SMEs face a growing list of risks.”
He said that beyond financial loss, breaches can also result in reputational damage, legal consequences under the Protection of Personal Information Act (Popia) and loss of customer trust.
ALSO READ: Cybersecurity breach costs Astral R20 million in profit
Six cybersecurity tips for small businesses
Dalton gives six cybersecurity tips for small businesses to implement.
1. Implement strong two-factor authentication
Use biometric verification, passkeys or one-time PINs to secure access to sensitive systems. Avoid password reuse and consider password management tools.
2. Train your team
Regular cybersecurity training helps employees spot and report phishing attempts, avoid malware and practise safe online habits – especially when working remotely. This is critical, as people are often the most vulnerable point in an organisation’s security and the source of the biggest threats.
3. Back up your data
Regular backups stored separately from operational systems can be a lifeline during ransomware attacks or system failures.
4. Create an incident response plan
Know how to respond during a cyberattack: isolate affected systems, alert support teams and contain the breach.
5. Develop a disaster recovery plan
Ensure your business can restore operations quickly using backed up data and predefined recovery steps.
6. Limit access to sensitive data
Define who can access what, why and how. Monitor and log access to critical systems to prevent insider risks.
ALSO READ: Customers’ personal data stolen from Louis Vuitton South Africa
SMEs at risk
A report by Santam released earlier in the year highlighted that SMEs remain vulnerable to cybercrime as they often lack adequate protection. The report revealed that only 26% of commercial entities have cybercrime cover in place.
Thabo Twalo, chief underwriting officer of Santam Broker Solutions, said their findings suggest that small business underestimate the impact cyberattacks can have on their enterprises.
“Despite several recent high-profile cyber-attacks, research suggests that while cybercrime is recognised as a risk, local business owners underestimate the protection measures required and most don’t have the necessary cover in place.”
1 450 weekly attacks
The report revealed that the cost of businesses not prioritising their cybersecurity in the country reached R53.1 million in 2024, a 10% increase from 2023.
In addition, local organisations are facing an average of 1 450 weekly attacks – a 4% year-on-year increase.
“This is particularly concerning as South Africa has been identified as a hotspot for crimes such as identity theft, data breaches, malware and phishing scams,” Twalo said.
“Although attacks on large corporations may make the headlines, it’s the frequent attacks on smaller businesses that are more concerning.”
NOW READ: Draft report on eFiling hijacking: Almost 16 000 cases and R21 million