Education reduces cyber risks

Issue 2 2020 Editor's Choice

While there are endless products available that promise to deal with cyber-attacks, they will all tell you that they don’t guarantee 100% security. The fact is that the nature and scope of cybercrime is so vast that there is no solution that can do everything, even the ones you pay a fortune for.

Henk Olivier.

When it comes to the SME (small to medium enterprise) market, the cybersecurity issue is worse. These companies have restricted budgets and rarely have the skills required to effectively manage their cyber risks. Henk Olivier, MD of Ozone IT Distributors recently did some research into what the main vulnerabilities in this sector are.

While Olivier can list pages of risks and vulnerabilities related to hardware and software used in these companies, he found that the primary cyber risk SMEs face is a lack of knowledge and understanding of how to do the basics to reduce your cyber-attack surface.

Olivier provides the example of phishing, one of the most common and easiest ways for cybercriminals to get into your systems. Many employees don’t understand what this is and how they can identify it. Moreover, many bosses don’t take it seriously either. Taking it further, many of these companies don’t have a basic IT usage policy that stipulates what can or can’t be done on the company’s IT systems, or what is expected of employees using the company’s technology. This is a problem in as many as 80% of SMEs.

Restricting access and email data

Another common problem relates to Wi-Fi connections. Most SMEs have Wi-Fi connectivity due to its convenience and ease of use, however, they have one password to access the Wi-Fi network and staff use this to connect their own devices – such as smartphones, personal laptops and so on. This is a risk as any malware on those devices can easily be transferred to the company’s IT systems and disrupt the business. This is especially true in smaller companies without the skills and cybersecurity tools to protect themselves.

In addition, staff often subscribe to newsletters and do online shopping using their work email addresses. While this may seem innocent enough, if the company behind the shopping site or newsletter is hacked, the criminals know something about your company, i.e. your domain and a user name.

What makes this more dangerous is that people have a nasty habit of reusing passwords. So if the hackers get the user’s email address and password, the first thing they do is see if the password will get them into the SME’s server.

The ideal, according to Olivier, is to educate staff not to use their work email addresses for any non-work purposes. There are plenty of free email services available they can make use of. Basic education in terms of not reusing passwords and choosing complex passwords will also go a long way to mitigating the cyber risks the company faces.

It should be noted that education is as important to the directors and owners of the business – if not more so as they will have to deal with the fallout and losses associated with a cyber breech (and it is incorrect to assume small businesses are not in the line of fire). And now that PoPIA (Protection of Personal Information Act) has an official start date, owners and directors will be held accountable for breeches that expose sensitive data.

Three controls the SME needs

As noted, there are endless options to choose from when it comes to cybersecurity tools, however, Olivier says there are three controls SMEs should see as essential.

1. Every desktop and laptop must have an antivirus program installed that is updated daily.

2. For business connectivity to the Internet, the SME must have a firewall. This doesn’t mean just having a firewall, but also configuring it correctly to meet your business’s security requirements. Fortunately there are managed services options that allow companies to use firewalls that are remotely managed by professionals.

3. Wi-Fi control is critical for the SME as this presents an easy way into your network. Companies should not have an open Wi-Fi network that anyone can connect to. There are many solutions available today that allow companies to set up a separate network that is connected to the Internet only, but not the company network. This can be made available to guests, while the primary network is limited to staff.

While this is a good start, Olivier also notes that there are many tools in the market, some of them available for free, that can conduct a vulnerability assessment on your network. The results of these assessments never cease to shock business leaders.

Ozone supplies a range of tools to assist in cybersecurity. Some of these are:

• GFI Languard: A network security scanning and automated patch management application that allows companies to discover and fix vulnerabilities while also auditing the network and the attached assets.

• Kerio Control Firewall: Available as software or hardware device, Kerio is an all-in-one solution incorporating a network firewall and router, intrusion detection and prevention (IPS), gateway antivirus, VPN and content filtering.

• Exinda: A bandwidth management and network optimisation solution that helps reduce network costs and enforces policies relating to the appropriate use of the network.

• Nuix: This includes a set of tools that allow for forensics investigation as well as network visibility.

• Progress MOVEit: An application that enables companies to securely transfer data, providing encryption and a full tracking of the data.

For more information, contact Henk Olivier, Ozone IT Distribution, +27 10 591 5588, [email protected],

Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

SMART Estate Security returns to KZN
Nemtek Electric Fencing Products Technews Publishing Axis Communications SA OneSpace Editor's Choice News & Events Integrated Solutions IoT & Automation
The second SMART Estate Security Conference of 2024 was held in May in KwaZulu-Natal at the Mount Edgecombe Estate Conference Centre, which is located on the Estate’s pristine golf course.

Creating employment through entrepreneurship
Technews Publishing Marathon Consulting Editor's Choice Integrated Solutions Residential Estate (Industry)
Eduardo Takacs’s journey is a testament to bona fide entrepreneurial resilience, making him stand out in a country desperate for resilient businesses in the small and medium enterprise space that can create employment opportunities.

2024 Southern Africa OSPAs winners announced
Editor's Choice
The 2024 Southern Africa Outstanding Security Performance Awards (OSPAs) winners were revealed on Tuesday, June 11th, at the Securex South Africa Seminar Theatre hosted by SMART Security Solutions.

Resident management app shows significant growth
Editor's Choice
My Estate Life is a mobile app for residents and managers in housing estates and buildings. Its core aim is to be an easy gateway for residents to manage visitors and staff, and to communicate and administer general property in a simple interface.

Local manufacturing is still on the rise
Hissco Editor's Choice News & Events Security Services & Risk Management
HISSCO International, Africa's largest manufacturer of security X-ray products, has recently secured a multi-continental contract to supply over 55 baggage X-ray screening systems in 10 countries.

NEC XON shares lessons learned from ransomware attacks
NEC XON Editor's Choice Information Security
NEC XON has handled many ransomware attacks. We've distilled key insights and listed them in this article to better equip companies and individuals for scenarios like this, which many will say are an inevitable reality in today’s environment.

The future of digital identity in South Africa
Editor's Choice Access Control & Identity Management
When it comes to accessing essential services, such as national medical care, grants and the ability to vote in elections to shape national policy, a valid identity document is critical.

Do you need a virtual CIO?
Editor's Choice News & Events Infrastructure
If you have a CIO, rest assured that your competitors have noticed and will come knocking on their door sooner or later. A Virtual CIO service is a compelling solution for businesses navigating tough economic conditions.

AI-enabled tools reducing time to value and enhancing application security
Editor's Choice
Next-generation AI tools are adding new layers of intelligent testing, audit, security, and assurance to the application development lifecycle, reducing risk, and improving time to value while augmenting the overall security posture.

Perspectives on personal care monitoring and smart surveillance
Leaderware Editor's Choice Surveillance Smart Home Automation IoT & Automation
Dr Craig Donald believes smart surveillance offers a range of options for monitoring loved ones, but making the right choice is not always as simple as selecting the latest technology.