The weakest link in a business’s computer system is not where you think it is

The number one threat in the online security of businesses in South Africa is not in their computer systems, but in the mind of the business owner, says Faiez Hartley, head of IT at Business Partners Limited.

The good news is that with a relatively minor mind shift and the implementation of a few basic cybersecurity measures, South African businesses can dramatically decrease the threat they face from cyber criminals. The problem, says Faiez, is that business owners tend to think mistakenly that their business is too small to be the target of a cyberattack. In fact, almost half of all incidents of ransomware attacks, cyberfraud, and cybertheft of money and information are aimed at small businesses.

With the advent of artificial intelligence tools, cybercrime aimed at small businesses is set to rise, says Faiez. While AI helps to automate many legitimate business processes, cybercriminals are leveraging the same technology to automate and amplify their attacks, broadening the range of the businesses they target.

The first and most important step towards a safer business on the internet is awareness. Business owners must understand just how vulnerable their own business can be in the digital space. This does not require extensive research or sleepless nights, it simply calls for the knowledge and recognition that cybercrime is a real and growing threat, and that any business with an internet connection is a potential target.

Think of it like the vehicles of a business. Business owners don’t send their cars on the road dreading that there will be an accident at every turn. But because they acknowledge that possibility of accidents, they ensure that their vehicles are roadworthy, insured and most importantly, that the drivers are competent. Similarly, acknowledging the risks of cybercrime allows business owners to take practical steps to protect their digital assets.

People are the frontline of cybersecurity and are often the most vulnerable. Research shows that over 75 percent of cyberattacks start with an email sent to individuals within a business rather than the computer system, mostly in the form of phishing attacks.

The word phishing comes from a play on the word fishing, because it employs the same strategy as a fisherman who casts a baited hook in the water to catch a fish. In this case, the bait is a seemingly legitimate email sent to an employee, prompting them to click on a link or download a file.

Unbeknownst to the employee, once the file is downloaded it may contain malicious software that gives the cybercriminal access to the business’s systems. From there the hackers can:

Install software allowing them to monitor your activity remotely, including the keystrokes that reveal passwords
Deploy ransomware, which locks your business’s data so that you can only access it once you pay them ransom money
Steal sensitive customer or suppliers private information
Impersonate the business when they target your clients, suppliers or partners

This is why employee awareness and training are just as vital as firewalls and antivirus software in protecting a business from cyber threats.

Cybercrime has ramifications beyond financial theft, it threatens the very integrity of your business, warns Faiez. A ransomware attack can halt operations entirely, while being used as a front for cyberfraud, causing serious reputational damage. In addition to these risks, each business has a legal obligation to safeguard the personal details of their clients and employees. Should a breach occur, it must be reported to the Information Regulator, as required by law.

The main bulwark against any of these threats is awareness, both from business owners and their teams. Use October’s designation as Cybersecurity Awareness Month as an opportunity to educate and increase the vigilance of your employees about phishing and other common attack methods.

Another basic step towards online safety is to implement two-factor authentication for all the logins in your business, requiring passwords as well as one-time pins sent to each user’s cell phone. Furthermore, make sure your software is up to date, make regular backups of your information, and store it securely in the cloud where it is usually safer than on your local computer.

Just like the road safety, no digital system is completely safe against cyber threats. However with the right precautions, beginning with awareness, you can significantly reduce your risk and strengthen your business’s resilience.

If you or your business ever fall victim to cybercrime, visit https://cybercrime.org.za to report the incident and get the necessary support.

Faiez Hartley is the Head of Information Technology, and he has more than 30 years of experience in IT and systems management. He is known for combining deep technical proficiency with strategic business insight, playing a pivotal role in aligning technology with enterprise-wide goals. He holds formal qualifications in Information Technology and a degree in Business Management, forming the foundation of his career in leading enterprise environments. Over the years, Faiez has remained committed to lifelong learning, with a particular focus on emerging technologies, data governance, leadership development, and, more recently, the transformative potential of artificial intelligence (AI). He works closely with cross-functional teams, executive leadership, and external partners to ensure IT is not just a service, but a strategic enabler of business transformation. He serves as our primary spokesperson for all IT-related matters, offering expert insights on technology infrastructure, digital transformation, cybersecurity, and systems support.