Cybercriminals will target anyone. Far from the romantic image of a rebellious hacker, cybercriminals are ruthless and cold-blooded villains who steal from the rich and poor, the elderly, widows, the desperate, and everyone else.

These offenders don't care who they target. They frequently attack small businesses. One out of every three South African SMEs have been cybercrime victims, and up to two-thirds of SMEs close their doors after a cyberattack, leading to unemployment and harming communities.

Cybercriminals are evil, but you can protect your business against them. Let's look at three common cyberattacks against SMEs and how you can prevent them.

1. Business Email Compromise

Business email compromise (BEC) is one of the most common cyberattacks targeting SMEs. A BEC attack doesn't even require a hacker to access business systems. For example, the criminals send a mock email with an invoice that looks legitimate yet has different bank details, fooling the payer to deposit funds into the wrong bank account.

BEC attacks are often plain fraud and can be tricky for security systems to spot. However, a good email security system can help spot fake emails. Ultimately, vigilant users stop BEC attacks.

Tips:

- Run modern email security software with technologies such as DMARC. This technology is an email authentication protocol that protects email senders and receivers from unauthorised use of their domain.

- Check the email address (which is often slightly different from that of a legitimate source).

- Call the company that allegedly sent the email to check if it's authentic.

- Provide security training for people with access to business bank accounts and finance systems.

- Put processes in place to double-check changes to account details.

2. Ransomware

Criminals use ransomware to encrypt data and demand a ransom. But ransomware attacks start long before encryption happens. The criminals will target staff with personalised messages called phishing attacks, trying to fool them into clicking on innocent-looking attachments or links that instead steal login details. Once the criminals have that information, they prepare for an encryption attack, encrypting company information and demanding a payment to release it.

Phishing attacks can arrive via email, instant messengers, or SMSs. They typically demand urgency (pay now or face fines!), rewards (act now to claim this prize!), or opportunity (click here to claim your lost package!). They will include a link or an attached file. If it's a link, it often will look like the login to internet banking or email websites.

Tips:

- Activate multi-factor authentication (MFA) on all important accounts to provide an extra barrier against criminals.

- Use email security software that can spot phishing emails.

- Ensure that software in user devices and servers is patched with the latest updates.

- Train employees to know that even emails that seem to be from trusted sources could be fake.

- Avoid clicking on links or attachments without checking they are legitimate.

- Inform IT staff if you spot a phishing email—it's likely part of a wider campaign targeting several employees.

3. Remote worker and device attacks

More people are working outside of the office. They are on the road, at home, or in public spaces such as airports and coffee shops. They often are not covered by many business security measures, making them easy targets for criminals. For example, criminals try to infect their devices, compromise their home routers, or create fake Wi-Fi networks that they connect to.

Vigilance helps to stop some of these attacks. But companies can take extra precautions by providing software that helps secure devices and network connections.

Tips:

- Use device management software to keep smartphones and tablets secure.

- Run security software on laptops and mobile devices.

- Provide virtual private networks (VPNs) that encrypt data sent via networks.

- Use mobile internet instead of public Wi-Fi, or use a VPN when using public Wi-Fi.

- Ensure that home routers are up to date with the latest patches.

- Ensure your business is secure

Online criminals are constantly looking for ways to hack into business systems and fool people. Keeping safe requires multiple protections, and it can be daunting to decide what is most important.

The best step is to have a trusted security partner who can advise on what works for your business based on your risks and budget. Vodacom's Managed Security Services are an excellent place to start for comprehensive security, and Vodacom CybSafe trains your employees to become your defenders and spot attacks before they can be successful.

There are many other ways to stop cybercrime from ruining your company. Explore Vodacom's robust security services to find out how to keep safe in the digital world.