// EXPERT PROFILE //
“
THE LESSON HERE IS THAT AN SME , JUST
LIKE THE BIGGER
ENTERPRISES , MUST SORT OUT ITS COMPLIANCE
ONE WAY OR ANOTHER . within the business receives notifications to be patched , so the vulnerability does not lie with any device .
Additionally , in order to protect your employees ’ laptops in a work-anywhere environment , you will need an endpoint detection and response ( EDR ) system , which increases your visibility into your endpoint and , in turn , allows for a faster response time . EDR tools protect your organisation from advanced forms of malware .
Getting the fundamentals right from the very beginning should be sufficient to protect you most of the time – although of course a new threat will obviously need new technology to cover users . In the event of a ransomware attack , it may well be too late to assist if the SME doesn ’ t have appropriate backups . Best advice , therefore , is to be proactive and not reactive , and call in the experts before it ’ s too late .
A note on the POPI Act
In June 2020 , the President issued a Proclamation regarding the commencement of certain sections of the Protection of Personal Information Act ( POPI ), which aims to protect consumers by keeping their personal data private . These sections will take effect on or before July 1 2021 , meaning that all businesses must be compliant by this date .
The POPI Act will enable businesses to regulate how information is organised , stored , secured and discarded .
Companies therefore have a remaining eight months in which to implement all initiatives necessary for compliance to the Act . From July 1 next year , a data breach could mean that your business could be subject to a heavy fine .
Any business , whether large corporate or SME , will therefore need to invest in certain sets of security to be compliant to the Act . From an SME ’ s perspective , this could potentially cause your cost of doing business to increase and perhaps make your business slightly less profitable , but it will at least reduce the risk of your business facing a crippling fine because of non-compliance .
Private information is valuable and smaller businesses don ’ t necessarily have systems in place for the protection of the data that they hold . The lesson here is that an SME , just like the bigger enterprises , must sort out its compliance one way or another .
In conclusion
Our best practice advice for cybersecurity SMEs is as follows :
• Start with the fundamentals and get the basics right . Don ’ t over-complicate matters but also don ’ t take the cheapest option , which is not necessarily the best .
• As more employees continue to work from home as well as the office , ensure that you have a next generation , up-to-date antivirus software connected to your corporate firewall for endpoint protection .
• Pay attention to the realities of the POPI Act .
• Speak to the experts .
If you are not able to manage this necessary cybersecurity activity internally , we urge you to reach out instead to a managed security service provider ( MSSP ) partner , who can offer you protection based on a consumption model that could suit your cash flow requirements .
This will assist you to protect your business and your customers , as well as save you from the not-to-be contemplated prospect of a heavy POPI-related fine in the event of a data breach . �
36 intelligent
. tech
Intelligent SME . tech