Business Analysis: How to analyze any startup
An introduction to Cybersecurity in Nigeria: What every small business needs to know
Whenever the word “Cyberattack” comes up, in the mind of a Hollywood action thriller fan. It brings to mind a ‘James Bond’ movie. A fast-paced and emotional tensed scenario that involves a “criminal” mastermind attempting to breach the most secured and complex security networks or computers, with the aim of gaining unauthorized control or inserting malicious files that could cripple some parts or the entire system. This is equally followed closely by another person or group of persons who are tasked with pursuing this mastermind and bringing his/her activities to a halt or at least limiting the damage that could be caused to the minimum. Now, while this might seem far fetched for the average Nigerian small business, it does not exempt small businesses from the possibility of being attacked.
What is Cyber Security?
Cyberattacks happen when ‘hackers’ attempt to breach computers, electronic networks, systems, mobile devices maliciously. Hence cyber security is the practice of preventing such attacks from happening by deploying technological tools and skills. In the case of a small business, that would mean, preventing malicious attacks from affecting the operation of your business.
How does this concern your small business?
A recent report recently put cybersecurity threats on small businesses in Nigeria at a whooping 2308 per week! Quick math easily puts that figure at 120,016 per year. What is particularly disturbing is that these attacks happen in a wide range of formats, making it very likely for businesses to fall victim to any one of these formats.
A list of some of such Cyber threats are;
- Social Engineering and Phishing.
- Angler Phishing.
Social Engineering and Phishing. This one is particularly popular in Nigeria, especially in the banking industry. Social engineering and phishing happen when a user of an internet banking service as an instance is manipulated into willfully giving out sensitive information that could be used to access their bank account or card detail. This unfortunately leads to their monies being wiped out from their accounts.
Vishing. This is another popular one in Nigeria. This is coined from Voice and Phishing. Imagine getting a call from a random number, you answer and the caller goes “Hello my name is XXX, from ABC bank. Your debit card is going to be blocked in 3 days unless we help you resolve it. You can resolve it very easily but I’ll need your card details and CVV number”. If the call recipient takes the bait and gives out such information, the person has become a victim of vishing and as expected the consequence will be a cleaned out account.
Angler Phishing. Picture a disgruntled customer coming on social media to air their grievance about a poor service they recently received from a service provider. He/she then gets a DM from what looks like the social media handle of the service provider requesting to help with resolving the issue. The social media ‘handler’ goes ahead to request that the disgruntled customer gives out privileged information only to use such information to breach and of course inflict damage on such customer. This is how angler phishing occurs and it is also a top contender for frequent cyberattacks that happen to small businesses.
What you need to know about Cyberattacks
As a caveat, it will be noteworthy to point out that cyber-attacks are constantly evolving and getting more sophisticated. You might not be able to prevent all forms of cyberattack, let’s face it. Even the biggest tech companies in the world receive loads of threats. Some of these threats succeed. A few giants have had their security breached. In 2021, social media giant Facebook had 533 million Facebook user details leaked. In 2014, Apple had its iCloud service hacked. These are just to mention a few. Now back home in Nigeria, a lot of companies rarely report such breaches, so it is not readily available to know which company or even government agency has suffered a cyberattack but it is common knowledge that these attacks happen so often. It is safe to say that the topic of cyberattacks and breaches are unfortunately handled with so much secrecy
Steps to protect your business from Cyberattacks
- Back up Important business data frequently. As a small business, investing sufficient resources in a highly secured cloud server service can put your business in a safe zone, safe enough to limit the risk of a cyberattack. The average cost of a cloud-based server is set around $300 monthly. Set a schedule for how frequently these business data can and should be updated, plus it needs to be monitored to ensure it works as scheduled. As for frequency, some argue daily, some would support weekly. Depending on the nature and sensitivity of your business, you should find what works and apply it diligently.
- Secure all devices. Thankfully, all electronic devices connected to the IoT frequently send notifications about updates on such devices in an attempt to stay ahead of breaches and cyber-attacks. It then lies on the users of such devices to ensure that those updates are maintained as frequently as they come. Now, that is just one part of that aspect, getting security software installed on such devices takes security to another level. These security software scopes these devices often to detect possible breaches such as malware, raises an alert and then shuts such breaches down before they can cause any damages. Other security measures that can be taken on such devices are setting up firewalls and turning on anti-spam on them to reduce the chance of phishing.
- Encrypt Important Information. Encrypting should be a no brainer, unfortunately, too many businesses in Nigeria rarely take advantage of this. Think about this, one of the smallest items on you at the moment if guessed properly will be a debit card. Now considering that that plastic device runs on a highly sophisticated encryption system; you also should consider using encryption for all important business data. This can be made easier by purchasing encryption software to handle the encryption of business data in bulk. A few of such are; WatchGuard Network Security, Virtru, Kaspersky, Endpoint Security, Microsoft BitLocker, FileVault, Progress MOVEit, Tor, VeraCrypt.
Ensure you use multi-factor authentication (MFA). Multi-factor authentication requires the user to provide two or more verification factors to get access to a device, account, application, etc. This adds an extra layer of security in the sign-in process as it requires users to enter different independent credentials to enable access.
- Establish a Cyber Security Policy. A cyber security policy in business will ensure all employees are aware of the protocols they need to maintain to ensure the cyberattacks are limited to the bare minimum. This document should typically be handed to employees as soon as they assume their roles in your establishment. It should contain;
- Purpose statement.
- List of confidential data.
- Device security measures for the company and personal use.
- Email security.
- Data transfer measures.
- Disciplinary action.
- Cyber Security training. With the level of awareness this piece seeks to achieve with helping you gain the full grasp of cyber security, it will not be complete without pointing out the need for constant training and education on cyber security for your business. As much as generating revenue is important to the life of a business, cyber security is the shield that ensures that the ‘life’ of the business is not interrupted on account of incidences that could have been avoided. There are several institutions that can give such training to you or your staff as frequently as required.
- Hire a Cyber Security Expert. While this might seem like a significant cost to your business, it is nothing compared to the risk you could expose your business to if you choose to not get one. It allows you the comfort of focusing on the core of your business while you have someone who can be held accountable for managing cyber risk and damage control.
The subject of cyber security for your business is inexhaustible. Beyond the mere fact that your business needs it, it also improves customer confidence in your business. There exist regulatory bodies and legislative acts around data management in Nigeria, it will do your business well as a legal entity to align with their goals and objectives.
From time to time, also test the parameters you have put in place to see how your business stands against potential threats. Frequently doing this, makes it easier to spot weak points that oversight might not have previously covered or envisaged.