King IV looks at your data

November 2016 Cyber Security, Security Services & Risk Management

Research by information specialists, J2 Software, shows that employees pose one of the biggest threats to the security of corporate data – a threat that is largely unrecognised by South African boards. The launch of the King IV Report on Corporate Governance by the Institute of Directors in Southern Africa on 1 November, and the imminent announcement of the effective date in terms of the Protection of Personal Information (PoPI) Act by the newly appointed Regulator, provide a wake-up call for South African organisations, says John McLoughlin, MD of J2 Software.

“Data is now recognised as the most valuable asset a company owns, and it is the target of criminal syndicates. PoPI and similar legislation elsewhere in the world has been devised to force companies to take responsibility for protecting the sensitive personal data they store on their systems. Codes like the King Code have long identified that a company’s data is the fuel on which it runs, and have made boards responsible for ensuring it is protected,” he explains. “But, all too often the threat is conceptualised as external, and the solution as purely technological. What they fail to recognise and be accountable for is that their employees represent an equally serious security risk.”

McLoughlin says that while there is no doubt that syndicates target employees to buy corporate information, an equal cause for concern is the fact that many corporate end-users create vulnerability inadvertently, simply by mishandling data or corporate IT assets. A survey conducted by J2 Software of 46 million Windows file and application activities, and more than 197 000 external USB device insertions found that:

• One in 40 end-users mishandle sensitive corporate information; 2.5 percent of the trusted user base represents a direct threat to corporate security.

• Less than one percent of businesses encrypt information copied to external USB drives, and even fewer know what has been copied.

• Less than one percent of businesses encrypt their users’ hard drives.

• 70 percent of businesses have no control and no visibility on administrative rights across their environments.

“Most, if not all, of these companies will have data-security policies in place but the truth is that they have absolutely no idea what is actually going on with their data,” McLoughlin says. “Very often it’s motivated employees who are the risk – using Dropbox because it’s the only way to get sensitive financial information to the sales director on a business trip in Turkey, for example. But one must also bear in mind that dishonest employees often have access to a lot of sensitive data that can easily be copied onto a hard drive and sold to the highest bidder.”

King IV requires companies to “exercise ongoing oversight of the management of information and, in particular, oversee that it results in the continual monitoring of security of information”.

“To discharge this responsibility and ensure that the company’s information is protected, systems are needed to monitor who is accessing data from inside the company as well as from outside – and what they are doing with it,” ends McLoughlin.

For more information contact J2 Software, 0861 00 5896,


Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

The evolution of security in residential estates
Residential Estate Security Handbook 2020 , Editor's Choice, Integrated Solutions, Security Services & Risk Management
Two large estates discuss their security processes and the ever-expanding scope of responsibilities they need to fulfil.

Bang for your security buck(s)
Residential Estate Security Handbook 2020, Alwinco , Editor's Choice, Security Services & Risk Management
Hi-Tech Security Solutions asks how estates can maintain a good security posture in the time of the ever-shrinking budget.

Range of grid-independent power systems
Residential Estate Security Handbook 2020, Specialised Battery Systems , Products, Security Services & Risk Management
SBS Solar has a range of solutions to provide power, save on costs and above all provide peace of mind.

Work from home securely
Issue 5 2020 , Cyber Security
First Consulting provides enterprise-level IT security to working-from-home employees at more than 40 South African organisations.

Agility, meticulous alignment and testing
Issue 5 2020 , Cyber Security
Data loss can put the nails in the coffin for unprepared businesses. Investing in cyber resilience is key to succeed in the age of digital transformation.

Cybersecurity comment: A holistic approach to threat vulnerability
Issue 5 2020 , Cyber Security
Any organisation, whether large or small, public or private, should follow an established framework in order to protect itself against cyber threats.

Email security in COVID-19 times
Issue 5 2020 , Cyber Security
MJ Strydom, MD of cybersecurity specialist company, DRS, takes a look at email security in the era of COVID-19 and beyond.

June 2020’s most wanted malware
Issue 5 2020 , Cyber Security
Check Point Research finds sharp increase in attacks using the Phorpiex Botnet delivering new ‘Avaddon’ ransomware via malspam campaigns.

60% in SA victim to public cloud cybersecurity incidents
Issue 5 2020 , Cyber Security
Ransomware and malware, exposed data, compromised accounts, and cryptojacking to blame; GDPR shows promise with Europeans suffering least.

Vodacom Business enhances cyber resilience
Issue 5 2020 , Cyber Security
Partnership with Cloudflare will allow Vodacom Business to offer DDoS protection and traffic acceleration for all network infrastructure — whether on-premise, cloud-hosted, or in a hybrid environment.