Business General

Cyberattack: Eight ways to protect your business

South Africa is the second-most targeted country in the world when it comes to cyberattacks, according to PwC’s Global Economic Crime and Fraud Survey 2018. A recent IBM study has also revealed that the average cost of data breaches in South Africa is R36.5 million.

For individuals and organisations in the country, cyberattacks are an increasing reality, which is why it’s essential to take steps to protect yourself and your data, thereby reducing the risk of becoming a cybercrime victim.

  1. Protect your physical assets

Computers should be physically locked to desks, while doors to server rooms must be shut and locked. Consider using encryption tools like the built-in Bit Locker tool found in all Windows operating systems, so that in the event a computer is stolen, this tool prevents thieves from accessing the data.

If you want to dispose of computers that have stored any type of personal client information, then the provisions of the Protection of Personal Information Act (PoPI) act come into play. Wiping or deleting a hard drive won’t remove the old data, to be fully compliant, you will need to use a vendor that specialises in physical drive destruction. They will issue your company with a certificate as proof that the data was discarded in an approved manner.

Staff also need to play their part by keeping a clean desk policy and storing confidential documents in a safe place.

  1. Back up your data

PoPI is causing businesses to rethink how they store clients’ personal information. When data is stored at an off-site location, such as the cloud, it allows that business to recover any lost data and continue operating as normal.

  1. Update your defences

Don’t ignore updates, as they protect you from the most recent vulnerabilities. Ensure that your operating system is using the latest version of antivirus software and that you have a robust firewall solution. As antivirus software does not protect against malware, you also need a good anti-malware solution. To secure data and assist in protecting your business from phishing attacks, use email hygiene protection and Internet proxies.

  1. Schedule tests

Penetration testing adds value, but only when it forms part of a well-rounded security system. With basic security in place, you can proactively look for weaknesses in your network by conducting “penetration tests”. By doing this, Business Tech suggests that you will “close vulnerabilities before they are exploited by hackers”.

  1. Train staff

The risk to your business is likely to come from your very own employees. Train staff regularly about new cyber threats, so they can recognise scams and act accordingly. While you must have a robust Internet in place within the organisation, you also need cyber policies where you spell out to staff what is and isn’t allowed within the workplace environment. Ensure that you have decent cyber liability cover in place, as this will mitigate the effect on your bottom line in the event of a breach.

  1. Password policies

Passwords must be complex and changed often. While forgetful employees might want to write their passwords on Post-it notes and stick them on their monitors, this cannot be allowed as it is a security risk. Employees must also be reminded not to share passwords with each other. By enforcing strict internal guidelines for passwords, you decrease your vulnerability.

  1. Secure emails

As of January 2018, 54.5% of all global email traffic was considered to be spam. While it is vital to educate employees about opening unsolicited emails or clicking on email attachments, relying on human actions isn’t enough, you also need to install an email hygiene protection solution.

  1. Restrict access

As key stakeholders will normally be targeted in an attack, it’s highly recommended to have elevated protection in place. In addition, only authorise select IT staff to update or install software on company computers and advise staff against saving sensitive company data on their local machines.


Cybercriminals are increasingly attacking small and mid-size businesses, as their defences are usually weaker than larger organisations, and they “provide an entry point into larger firms with whom they do business.” The immediate effect of a cyberattack is an interruption to business services, however other consequences could include reputational damage, loss of company assets, litigation, loss of business and financial loss.


Business owners need to take all the necessary precautions they can to protect themselves and their companies against cybercrime, including investing in cybercrime insurance. For more information about cybercrime insurance, please contact an Indwe advisor on 0860 13 13 14.


Indwe is an authorised Financial Services Provider. FSP: 3425


Disclaimer: The above article is for information purposes only. Please consult a suitable and qualified professional if you require advice about cyberattacks and cybersecurity.



Your Preferences

You can switch off cookie types by clicking or pressing on their name. Mandatory Cookies cannot be disabled. You can change these preferences anytime.

Mandatory Cookies

These cookies are necessary for the website to function and can't be switched off in our systems. They are usually only set in response to actions you made which result in a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies but some parts of the site may not work as a result.

Functional Cookies

These cookies allow the provision of enhance functionality and personalization, such as videos and live chats. They may be set by us or by third party providers whose services we have added to our pages. If you donít allow these cookies, then some or all of these functionalities may not function properly.

Advertising Cookies

These cookies are set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant ads on other sites. They work by uniquely identifying your browser and device. If you don't allow these cookies, you will not experience our targeted advertising across different websites as a result of these cookies.