Owners of small and medium-scale enterprise (SMEs), which constitute an overwhelming majority of businesses in the country have been urged to make cybersecurity a lifestyle of their workers to protect their businesses.
Three panelists speaking at the MTN Business Breakfast Meeting on Cybersecurity and Digitalization for SMEs, noted that the era of digitalization has opened up all sizes of businesses to cyber attackers so it has become an imperative for all businesses, particularly SMEs to maintain a cybersecurity hygiene among their staff.
Cybersecurity was selected as a topic in commemoration of the World Cybersecurity Month, which is the month of October.
The three speakers were Jacqueline Hanson Kotei, Senior Manager, Enterprise Information Security and Governance, MTN Ghana; Audrey Mnisi, Bankings Ops, Risk and Cybersecurity Specialist, Ghana Association of Bankers and CK Bruce, CEO of Innovare Ghana.
CK Bruce noted the digital transformation is here to stay and any business which does not digitalize will die in no time. But on the flipside, digitalizing also means the business is outsourcing various aspects of its operations to other entities in the cloud in order to cut cost.
He noted that opening up one’s business to solutions in the cloud comes with the risk of being hacked, which is bound to happen.
”Hackers will always make an attempt on you – you can’t stop that, but you can slow them down and also put proactive measures in place to make it more costly and less attractive for them to hack you,” he said. “In the face of this situation you need to focus on your core business and outsource your cybersecurity to entities with the expertise to help you ward off hackers at the most affordable cost.”
CK Bruce noted that SMEs are better off outsourcing their cybersecurity to expert entities because data centers built by these entities have very strict security systems to deter, detect, delay and recover damages caused. The systems are also built with backups, because all of the data are not kept on one server. So when one server is attacked the business operations can be transferred to another server to keep the business going.
He however pointed out that the weakest link in every business is not its technology but rather the people, including staff, clients and even partners who have access to their systems, adding that the cloud access behavior of all these people go a long way to impact the security of the entire business.
“Hackers mainly capitalize on social engineering or carelessness of the user – so your staff, clients and partners must be educated not to click on links they are not familiar with and not to open strange emails and be careful what they even do on social media, because all those can be access points for hackers to attack your business,” he said.
CK Bruce noted that another important factor is the choice of a third-party technology partner. It is important to check what kind of certification that entity has or “you must insist on auditing the entity before you engage them.”
Jacqueline Hanson Kotei noted that most SMEs lack the financial resources and personnel dedicated to cybersecurity, but it has become imperative for them to have in-house cybersecurity hygiene because for hackers today “every business is fair game, even if the business has only a staff of one.”
She noted that to ensure effective use of scarce resources, SMEs need to do a risk assessment to determine what the exact loopholes are so that the resources will be applied judiciously to ensure continuous monitoring for deterrence, early detection and diffusion of hacks.
She also urged SMEs to ensure they have cybersecurity experts on their board of directors so that they can get expert advice on regular basis for less.
“Your first line of defense is your people and not so much your systems. It begins with leadership orientation and management practice,” she said. “You must ensure that there is a top of mind awareness on cybersecurity in your organization.”
She said it is also important for SMEs to familiarize themselves with regulatory requirement regarding data available to them, adding that adhering to regulations such as data protection could go a long way to ensure a decent cybersecurity hygiene in the organization.
According to Jacqueline Hanson Kotei, it is also very critical for SMEs to pay attention to the reputation of the entities they choose as third party partners, particular in terms of ease of communication, their level of attentiveness to client needs, the level of transparency in their cost structure and the scalability of the solution they provide. These factors help to determine if the entity could be trusted or not.
Touching on what has given rise to the need for SMEs to invest in cybersecurity, Audrey Mnisi noted that after Covid-19 struck, digitalization became an imperative by default, and it happened so fast that no one had time to train their clients on how to negotiate the curves of that space safely.
“Complex digital infrastructure was put in place by the big organizations who had to deal with their individual and small business clients via digital channels and yet the SMEs lacked the resources and the expertise to match up,” she noted.
She noted that hackers took advantage of vulnerabilities of the SMEs in the digital space to then attack them and even use them as conduits to hack even some big businesses.
”Even though it costs hackers money to engage in their enterprise, it is also very rewarding to they will keep doing it. That is why you need to shine your eye and put in the necessary measures to protect yourself,” she said.
She urged businesses to ensure that every device and online access points related to their business and even individual workers devices have passwords to prevent easy access by unauthorized persons.
”You need to have a decent level of protection on your desktops, laptops, mobile phones and all online platforms through which your systems can be accessed. Protect your systems from competitors, customers and even third-party partners,” she said. “Make it a practice to keep changing your password regularly, update your device software constantly and use multiple-step verification where necessary to make it difficult for people to hack you.”
In contracting third-party entities for a job, Audrey Mnisi said it is important to ensure the entity and or individual, like app developers, belongs to a professional body that can vouch for their integrity, or the entity has a trusted certification from credible standardization bodies such as ISO.
“You should understand that the tools used in building technology systems are same tools used is hacking them so you need to ensure that your technology partners can be trusted before your give them access to your systems,” she said.
She also emphasized the need to make cybersecurity awareness a continuous process rather than a one time thing, saying that “make sure your workers understand how their behavior affects the business and how that impacts their expectations from the business in terms of salaries and other reward packages”.
The MTN Business team also took the opportunity to explain to the SMEs what packages they have in store for them in terms of cybersecurity and digital solutions that will enhance their businesses.