Businesses around the world are paying more attention to cyber security since cyber-attacks have, in recent years, become an issue of serious concern. According to statistics from the Rwanda Investigation Bureau (RIB), 254 cases of cyber-crime involving up to Rwf416 million were reported in 2021. The country registered growth in cybercrime in previous years. Reported cases almost tripled from just 47 in 2017, to 113 cases in 2018. In 2019, there were 128 cases, and 168 in 2020. According to RIB, the common avenues that hackers go through to launch cyber-attacks include: mobile banking platforms, electronic money transfers like mobile money, fraud and deceit through the internet, theft and fraudulent use of ATM cards, as well scenarios where crooks connive with bank staff to access key information related to clients’ bank accounts, among others. The National Cyber Security Authority (NCSA), a government agency put in place to build skills and capabilities necessary to secure Rwanda’s cyberspace, says that cyber security has a large role to play in protecting SMEs since modern businesses are increasingly relying on digital solutions. Smalller businesses are more vulnerable to cyber-attacks as they do not have the resources that larger corporations do. “Malicious actors use this to their advantage,” reads a statement from the NCSA. However, the Authority notes that prioritizing cyber security for SMEs does “not categorically require large spending” but a change of mindset so that business owners adopt key best practices that can protect them from falling victim of cyber-attacks. The NCSA recommends cyber security best practices for SMEs: 1. Conducting regular training programs for employees The NCSA says that training business staff properly can mean that the whole team is aware of the latest cyber security risks and is able to sufficiently respond in such situations. 2. Performing risk assessment A cyber security risk assessment, according to the NCSA, is critical for determining whether or not a business is prepared to defend against a range of cyber security threats. “Depending on the risk assessment framework you choose to adopt, your business will identify, analyse, evaluate, prioritize, treat and monitor risk, so that you are aware of potential threats and the processes for your business to respond,” the statement reads. 3. Deploying antivirus software Here, there should be effort to ensure that work computers have antivirus or endpoint protection software installed and that automatic updates are enabled. The anti-virus allows the team to scan all email attachments and downloaded software, to prevent running malicious content on your device. 4. Keep software updated “With all the devices you use within your business, applying software updates will help to fix newly discovered bugs and security holes that could leave them vulnerable targets to malicious actors. Ensure software updates are applied as immediately as they become available,” reads the statement from NCSA. 5. Backup your files regularly “Regular backups mean you have additional copies of your data outside of your business network. In the case of a breach, these backups can offer a solution towards company data that has been lost or made inaccessible by malicious actors,” the statement reads.