AU's cyber security convention of little consequence

guideline issue

Cyber convention of little

Tuesday, Jul 17th

Cybercrime is everywhere – because users don't know enough!

Cybercrime is everywhere – because users don't know enough!

Cybercrime has overtaken all other types of crime as humans have embraced digital technology without really understanding it. Now, as digital, mobile and social technology becomes an integral part of our personal and work lives, the score has changed - we are beginning to comprehend its weaknesses and our vulnerability... and how this unanticipated security risk extends to the enterprise.

There are the basics that everyone teaches their kids, their customers and their employees – don't give you passwords away, set up one-time security pins and, if it's important, ensure double and triple layers of security. Encrypt. But what about the malware and ransomware that is just one careless and well camouflaged click away? And the new cons everyone's being caught out by simply because, well ... they don't know enough. Like the cryptocurrency scams.

While every business will have policies and controls in place on the corporate network, there is very little they can do about staff using technology in their homes and in their everyday interactions. The bugs, malware and Trojans they pick up can and do enter the enterprise. There are simply no boundaries anymore.

The answer? Education.

Businesses have to start educating technology users, not just protect the business.

There is no all-for-one security policy that works any longer. A security policy must be highly relevant to the organisation. The injunctions are simple:

  • Understand the technology.
  • Understand the risk.
  • Put the right policy in place for your business.

There is unfortunately no winning formula. Nor can businesses simply put in security requirements for the sake of ticking a box any more. Accepted levels of risk need to be defined and the security policy and rules must be practical and enforceable.

The security at any organisation will depend on the systems in use. Enterprises need to identify entry points to their networks and put endpoint protection in place, control access to and monitor traffic on these networks, sweeping networks clean regularly. The enterprise must also ensure the security circle is closed, putting alerts in place and acting on those alerts, staying ahead of new and emerging threats and enforcing basic safeguards, such as ensuring users implement anti-malware on their phones.

As the extent of our digital exposure and vulnerability continues to unfold, it's clear that businesses need to take more responsibility for educating its users. The rights and privileges we give digital platforms and applications, like Facebook and others, are being exploited in unexpected and surprising ways. It's time we wised up – there are very few benevolent providers of free apps and functionality. The digital world is in its infancy and there are untold and as yet unknown ways in which our data and our online behaviour can be manipulated and cashed in on. Companies have a lot to lose - it's time to ensure everyone takes responsibility for putting the basics in place.

* By Simeon Tassev, Managing Director and QSA at Galix.


Concern grows as Tanzania intensifies control over internet Published on 22 June 2018

Paradigm Initiative echoes a claim by local civil society organisations that regulations in place are tantamount to a crackdown on dissent and free speech.

Kenya's new-look tax plan will impact on local operations - CRS Technologies Published on 11 July 2018

Kenya's government has overhauled the country's current income tax legislation framework and announced measures designed to help grow the economy, according to the Budget Statement for the fiscal year 2018/2019.

Kenyans vent over new drone laws Published on 08 March 2018

Some describe regulations as 'costly' and an obstacle to innovation.