Most cybersecurity articles start with alarming statistics about global cybercrime and then list every possible threat from nation-state attacks to zero-day exploits. That is not useful if you run a 15-person accounting firm in Cape Town.
You do not need to worry about everything. You need to worry about the four threats that actually hit businesses like yours. And then you need to do something about them.
Threat 1: Phishing
This is the one that gets through most often.
A phishing email looks like something you would expect to receive: a message from your bank, a delivery notification from the Post Office, a SARS tax notice, or an email from your boss asking you to pay a supplier urgently.
It is not real. It is designed to get you to click a link, enter your password, or open an attachment.
Why it works: The emails have gotten very good. They use real company logos, real-looking email addresses, and they arrive at times when people are busy and not paying close attention. A staff member checking email on a Monday morning, working through 30 messages, is not going to scrutinise every sender address.
What happens when it works: The attacker gets your email password, access to your system, or installs malware on your machine. From there, they can send emails as you, steal client data, or use your account as a launching point for attacks on your contacts.
What to do about it:
- Train staff to question unexpected emails, especially ones creating urgency
- Enable multi-factor authentication on all email accounts. Even if someone gets your password, they cannot log in without the second factor
- Use email security that filters phishing before it reaches inboxes
- Set up DMARC on your domain so scammers cannot easily spoof your email address
For a detailed guide on spotting phishing, see our article on phishing protection.
Threat 2: Ransomware
Ransomware encrypts your files and demands payment for the key to unlock them. It is a business model for criminals, and it targets South African businesses regularly.
How it gets in: Usually through a phishing email (threat 1 leads to threat 2), a compromised remote access point, or an unpatched vulnerability in your software. It does not require a sophisticated attacker. Ransomware kits are sold on the dark web, and the people deploying them are often just following instructions.
What happens: Every file the ransomware can reach gets encrypted. That includes files on your server, shared drives, and any connected backup drives. Some ransomware sits quietly for weeks before activating, which means your recent backups may already contain the infected files.
What to do about it:
- Keep your systems patched and updated. Most ransomware exploits known vulnerabilities that already have fixes
- Use endpoint protection with behavioural detection (not just antivirus), which catches ransomware based on what it does rather than matching a known signature
- Maintain proper backups with version history and off-site storage. Your backup is your ransomware recovery plan. See our business backup guide for what that looks like
- Restrict user permissions. Not every staff member needs access to every file on the server
For the full picture on ransomware, see our ransomware guide.
Threat 3: Invoice fraud
This is the threat that costs South African businesses real money, often tens or hundreds of thousands of rands in a single incident.
How it works: A scammer sends an email that appears to come from a supplier your business regularly pays. The invoice looks normal. The only change is the banking details. Your accounts team pays it, and the money goes to a criminal.
There are two versions. In the first, someone has gained access to a real email thread (through a compromised mailbox) and sends a convincing follow-up with new banking details. In the second, the scammer spoofs the sender address entirely, so the email appears to come from the real domain.
Why it is so effective: It targets finance staff who process invoices routinely. It does not look like a scam. It looks like normal business correspondence with a minor administrative change.
What to do about it:
- Verify any change in banking details by phone, using a number you already have on file, not a number in the email
- Set up DMARC, SPF, and DKIM on your domain. This prevents the spoofed version of the attack, where someone sends emails pretending to be your company
- Use email security to flag suspicious sender addresses
- Establish a process: no banking detail changes get processed without a phone call to the supplier
For a detailed guide, see our article on invoice scam emails.
Threat 4: Credential theft
Stolen passwords are the keys to everything. If someone has your email password, they can read your messages, send emails as you, reset passwords for other accounts, and access anything connected to that mailbox.
How credentials get stolen:
- Phishing (someone enters their password on a fake login page)
- Data breaches at other services (people reuse passwords)
- Weak passwords that can be guessed or cracked
- Keylogger malware installed through a compromised download or attachment
Why it matters for small businesses: Most SMEs use Microsoft 365 or Google Workspace. Your email account is also your identity for OneDrive, SharePoint, Teams, and any application that uses “Sign in with Microsoft” or “Sign in with Google.” One compromised password can open access to everything.
What to do about it:
- Enable multi-factor authentication on every account. This is the single most effective thing you can do. Microsoft reports that MFA blocks 99% of automated attacks
- Use strong, unique passwords for every service. A password manager makes this practical
- Monitor for suspicious sign-ins. Microsoft 365 can alert you when someone logs in from an unfamiliar location or device
- Respond immediately when credentials are compromised. Change the password, revoke active sessions, and check for forwarding rules that the attacker may have set up
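The last step above, checking for forwarding rules, can be run across every mailbox rather than only the one known to be compromised. The following Python is an added example, not part of the original article: it flags forwarding to addresses outside the business, both in inbox rules and in the mailbox-level forwarding setting. It assumes mailbox settings have been exported into the dict shape shown (a hypothetical export format, with field names modelled on Exchange Online mailbox and inbox-rule properties); the mailboxes, rules and domains are constructed sample data.

```python
# Added example: find external mail forwarding in exported mailbox settings.
# The export shape is an assumption; all mailboxes and addresses are constructed.
import re

OWN_DOMAINS = {"example.co.za"}  # assumption: the business's own mail domains
FORWARD_FIELDS = ("ForwardTo", "RedirectTo", "ForwardAsAttachmentTo")

def domain_of(address):
    """Extract the domain from 'Name <a@b>', 'smtp:a@b' or plain 'a@b'."""
    match = re.search(r"[\w.+-]+@([\w.-]+\w)", address)
    return match.group(1).lower() if match else None

def external_targets(addresses):
    """Keep only addresses whose domain is not ours (or a subdomain of ours)."""
    found = []
    for address in addresses or []:
        domain = domain_of(address)
        ours = domain in OWN_DOMAINS or any(
            domain and domain.endswith("." + own) for own in OWN_DOMAINS)
        if domain and not ours:
            found.append(address)
    return found

def audit_mailbox(mailbox):
    """Return (user, description) findings for one mailbox."""
    findings = []
    for rule in mailbox.get("InboxRules", []):
        state = "enabled" if rule.get("Enabled", True) else "disabled"
        for field in FORWARD_FIELDS:
            for target in external_targets(rule.get(field)):
                findings.append((mailbox["User"], "rule '%s' (%s) %s -> %s"
                                 % (rule["Name"], state, field, target)))
    forwarding = mailbox.get("ForwardingSmtpAddress")
    for target in external_targets([forwarding] if forwarding else []):
        findings.append((mailbox["User"], "mailbox-level forwarding -> " + target))
    return findings

def audit_all(mailboxes):
    return [finding for mailbox in mailboxes for finding in audit_mailbox(mailbox)]

MAILBOXES = [  # constructed sample export
    {"User": "accounts@example.co.za", "ForwardingSmtpAddress": None, "InboxRules": [
        {"Name": "fwd", "Enabled": True, "ForwardTo": ["smtp:collector@mail.example.net"]},
        {"Name": "To bookkeeper", "Enabled": True,
         "RedirectTo": ["Bookkeeper <books@example.co.za>"]}]},
    {"User": "director@example.co.za", "InboxRules": [],
     "ForwardingSmtpAddress": "smtp:director.backup@example.org"},
]
for user, detail in audit_all(MAILBOXES):
    print(user, "|", detail)
```

Disabled rules are reported too, since a rule that forwards externally is worth explaining whether or not it is currently switched on.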
What ties these four together
You might have noticed a pattern. Phishing leads to credential theft. Credential theft enables invoice fraud. Unpatched systems invite ransomware. And ransomware recovery depends on backup.
Cybersecurity is not four separate problems with four separate solutions. It is layers. Each layer reduces the chance that any single threat causes real damage.
This is exactly how we approach security for our clients:
- Email security blocks phishing before it reaches inboxes
- Multi-factor authentication stops stolen passwords from being useful
- DMARC and email authentication prevent domain spoofing
- Endpoint protection catches malware and ransomware on devices
- Managed backup ensures recovery when prevention fails
No single measure stops everything. But together, they make it very difficult for an attacker to get through. Details on how these layers work together are on our security solutions page.
How protected is your business right now?
We will check your current security setup and tell you where the gaps are. Most businesses have at least one.
Or talk to us directly:
Call: 087 820 5005
WhatsApp: 081 526 1626