King IV looks at your data

November 2016 Cyber Security, Security Services & Risk Management

Research by information specialists, J2 Software, shows that employees pose one of the biggest threats to the security of corporate data – a threat that is largely unrecognised by South African boards. The launch of the King IV Report on Corporate Governance by the Institute of Directors in Southern Africa on 1 November, and the imminent announcement of the effective date in terms of the Protection of Personal Information (PoPI) Act by the newly appointed Regulator, provide a wake-up call for South African organisations, says John McLoughlin, MD of J2 Software.

“Data is now recognised as the most valuable asset a company owns, and it is the target of criminal syndicates. PoPI and similar legislation elsewhere in the world has been devised to force companies to take responsibility for protecting the sensitive personal data they store on their systems. Codes like the King Code have long identified that a company’s data is the fuel on which it runs, and have made boards responsible for ensuring it is protected,” he explains. “But, all too often the threat is conceptualised as external, and the solution as purely technological. What they fail to recognise and be accountable for is that their employees represent an equally serious security risk.”

McLoughlin says that while there is no doubt that syndicates target employees to buy corporate information, an equal cause for concern is the fact that many corporate end-users create vulnerability inadvertently, simply by mishandling data or corporate IT assets. A survey conducted by J2 Software of 46 million Windows file and application activities, and more than 197 000 external USB device insertions found that:

• One in 40 end-users mishandle sensitive corporate information; 2.5 percent of the trusted user base represents a direct threat to corporate security.

• Less than one percent of businesses encrypt information copied to external USB drives, and even fewer know what has been copied.

• Less than one percent of businesses encrypt their users’ hard drives.

• 70 percent of businesses have no control and no visibility on administrative rights across their environments.

“Most, if not all, of these companies will have data-security policies in place but the truth is that they have absolutely no idea what is actually going on with their data,” McLoughlin says. “Very often it’s motivated employees who are the risk – using Dropbox because it’s the only way to get sensitive financial information to the sales director on a business trip in Turkey, for example. But one must also bear in mind that dishonest employees often have access to a lot of sensitive data that can easily be copied onto a hard drive and sold to the highest bidder.”

King IV requires companies to “exercise ongoing oversight of the management of information and, in particular, oversee that it results in the continual monitoring of security of information”.

“To discharge this responsibility and ensure that the company’s information is protected, systems are needed to monitor who is accessing data from inside the company as well as from outside – and what they are doing with it,” ends McLoughlin.

For more information contact J2 Software, 0861 00 5896,

Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Sustainability School opens for enrolment
Education (Industry) News Security Services & Risk Management
Three-part programme, first developed for Schneider Electric employees, is now available for free for companies worldwide. Attendees learn how to future-proof their businesses and accelerate their decarbonisation journeys.

Cyber attackers used over 500 tools and tactics in 2022
Cyber Security News
The most common root causes of attacks were unpatched vulnerabilities and compromised credentials, while ransomware continues to be the most common ‘end game’ and attacker dwell time is shrinking – for better or worse.

Success in business process best practices
Technews Publishing Kleyn Change Management Editor's Choice Integrated Solutions Security Services & Risk Management
This month we commandeer time with the woman who is spearheading our national conversation on Women in Security, Lesley-Anne Kleyn, to get to know the lady herself a little better.

Addressing the SCADA in the room
Industrial (Industry) Cyber Security
Few other sectors command the breadth of purpose-built and custom devices necessary to function, as the industrial and manufacturing industries. These unique devices create an uncommon risk that must be assessed and understood to fully protect against incoming attacks.

Security awareness training
Training & Education Security Services & Risk Management
It is critically important to have a security awareness solution that uses the limited time available to train effectively, and one that provides targeted education that is relevant to users.

Recession or stress?
Cyber Security News
The economic landscape has seen many technology companies lay off vast numbers of employees, but for cybersecurity, the picture looks very different – a dynamic mixture of excitement, challenges and toxicity.

Technology to thwart solar panel thieves
Asset Management, EAS, RFID Security Services & Risk Management Products
A highly efficient industrial network is coming to the rescue of the solar industry, as solar panels, inverters and batteries are being targeted by thieves and threaten to destabilise the industry.

Banking the unbanked comes with security risks
Financial (Industry) Security Services & Risk Management
As grim as it was, the pandemic of recent years and its resultant global economic crisis were a prime catalyst for record number of first-time bank users, the previously unbanked.

Vulnerabilities in industrial cellular routers’ cloud management platforms
Industrial (Industry) Cyber Security Security Services & Risk Management
Research from OTORIO, a provider of operational technology cyber and digital risk management solutions, unveils cyber risks in M2M protocols and asset registration that expose hundreds of thousands of devices and OT networks to attack

SAFPS to launch a platform to combat fraud
Editor's Choice News Security Services & Risk Management
In response to the growing need for a proactive approach to fraud prevention, the SAFPS is developing a product called Yima, which will be a one-stop-shop for South Africans to report scams, secure their identity, and scan any website for vulnerabilities.