Share

Cybercriminals targeting small marketing firms

Johannesburg - Small marketing agencies must understand that when they gain access to the intellectual property (IP) of a large company, they can be targeted by cybercriminals as a perceived “weak-link” in the security of that IP, warned Riaan Badenhorst, managing director of Kaspersky Lab, Africa.

Large companies are more likely to go to great lengths to secure the data within the confines of their organisation, but the same stringent standards aren’t often held by the third-party vendors they hire.

A 2012 Poneman Institute study showed that third-party vendors accounted for 19% of data breaches that year.

Clearly, cybercriminals see the value in targeting external agencies that have access to valuable client data, said Badenhorst. 

Winning business and trust of large businesses

When a small consultancy lands a big client, the thrill of delivering a winning pitch quickly gives way to the challenges of delivering on promises.

Suddenly, these small agencies are given virtual “keys” to some of their new client’s most important business information – product road-maps, competitive positioning, sales strategies, and in-depth plans for their client’s forthcoming big product.

In doing so, the client places their trust in the SME's ability to maintain the secrecy of their intellectual property.

"Imagine having to explain to your new client that a malware infection has put this information at risk, and may have been stolen by cybercriminals," said Badenhorst.

"One security incident could be enough to sour the new relationship and put the future of the agency at risk."

What makes a small marketing agency vulnerable?

The 2013 Verizon Data Breach Investigations Report found that 20% of all network intrusions occurred at information and professional services firms.

"We can speculate that unfortunately, some of the characteristics of upstart marketing and communication service providers can make them attractive targets to cybercriminals," said Badenhorst.

"For businesses where collaboration and creativity is king, there can be security holes that need to be addressed."

Highly mobile, highly connected

Any communications professional that serves a client understands the importance of being accessible at all times.

The North American NSBA 2013 Small Business Technology Survey found that not only has laptop, tablet and smartphone usage skyrocketed in recent years, but that 60% of small businesses allow employees to telecommute.

"That adds up to a lot of sensitive data leaving the office on mobile devices that most often lack security software, and are more likely to be stolen or lost," said Badenhorst.

What to do?
 
Ensure that all mobile devices, including any employee-owned devices that could be used to access company data, are equipped with security software that not only protects from malware, but helps find missing devices and erases data from stolen devices.

High social media usage

Small businesses in general have adopted social media at a fast pace.

According to the NSBA, just 27% of small businesses have no social media presence, down from 53% just three years ago.

But social media is a huge vector for cyber attacks, including targeted phishing schemes using malicious links or malware-laced applications. Even with savvy-employees, it only takes one wrong click to open the door to data-stealing malware.

What to do

To help employees avoid malicious websites or content that appears to be legitimate, use security software that monitors the reputation of hyperlinks and websites, and will alert users to any potential scams.

Loose IT discipline

A seasoned marketing professional opening a new consultancy knows plenty about marketing strategy, but probably knows little about maintaining a secure IT network.

However, according to the NSBA, 40% of small business owners manage their own IT and tech support.

While owners are focusing on winning clients and hiring new employees, there’s little thought given to IT security concerns.

What to do

Find a security solution that provides protection without complex installation and maintenance, according to Badenhorst.

"The best protection against the theft of sensitive information is data encryption," he said.

"While it may sound intimidating, encryption isn’t a complex tool reserved only for big businesses."
 
We live in a world where facts and fiction get blurred
Who we choose to trust can have a profound impact on our lives. Join thousands of devoted South Africans who look to News24 to bring them news they can trust every day. As we celebrate 25 years, become a News24 subscriber as we strive to keep you informed, inspired and empowered.
Join News24 today
heading
description
username
Show Comments ()
Rand - Dollar
18.97
-0.4%
Rand - Pound
23.98
-0.3%
Rand - Euro
20.51
-0.2%
Rand - Aus dollar
12.36
-0.1%
Rand - Yen
0.13
-0.4%
Platinum
906.75
+1.1%
Palladium
1,015.63
+1.4%
Gold
2,206.97
+0.6%
Silver
24.60
-0.2%
Brent Crude
86.09
-0.2%
Top 40
68,261
+0.9%
All Share
74,453
+0.7%
Resource 10
56,939
+2.3%
Industrial 25
103,989
+0.7%
Financial 15
16,492
-0.2%
All JSE data delayed by at least 15 minutes Iress logo
Company Snapshot
Editorial feedback and complaints

Contact the public editor with feedback for our journalists, complaints, queries or suggestions about articles on News24.

LEARN MORE
Government tenders

Find public sector tender opportunities in South Africa here.

Government tenders
This portal provides access to information on all tenders made by all public sector organisations in all spheres of government.
Browse tenders