Education reduces cyber risks

Issue 2 2020 Editor's Choice

While there are endless products available that promise to deal with cyber-attacks, they will all tell you that they don’t guarantee 100% security. The fact is that the nature and scope of cybercrime is so vast that there is no solution that can do everything, even the ones you pay a fortune for.

Henk Olivier.

When it comes to the SME (small to medium enterprise) market, the cybersecurity issue is worse. These companies have restricted budgets and rarely have the skills required to effectively manage their cyber risks. Henk Olivier, MD of Ozone IT Distributors recently did some research into what the main vulnerabilities in this sector are.

While Olivier can list pages of risks and vulnerabilities related to hardware and software used in these companies, he found that the primary cyber risk SMEs face is a lack of knowledge and understanding of how to do the basics to reduce your cyber-attack surface.

Olivier provides the example of phishing, one of the most common and easiest ways for cybercriminals to get into your systems. Many employees don’t understand what this is and how they can identify it. Moreover, many bosses don’t take it seriously either. Taking it further, many of these companies don’t have a basic IT usage policy that stipulates what can or can’t be done on the company’s IT systems, or what is expected of employees using the company’s technology. This is a problem in as many as 80% of SMEs.

Restricting access and email data

Another common problem relates to Wi-Fi connections. Most SMEs have Wi-Fi connectivity due to its convenience and ease of use, however, they have one password to access the Wi-Fi network and staff use this to connect their own devices – such as smartphones, personal laptops and so on. This is a risk as any malware on those devices can easily be transferred to the company’s IT systems and disrupt the business. This is especially true in smaller companies without the skills and cybersecurity tools to protect themselves.

In addition, staff often subscribe to newsletters and do online shopping using their work email addresses. While this may seem innocent enough, if the company behind the shopping site or newsletter is hacked, the criminals know something about your company, i.e. your domain and a user name.

What makes this more dangerous is that people have a nasty habit of reusing passwords. So if the hackers get the user’s email address and password, the first thing they do is see if the password will get them into the SME’s server.

The ideal, according to Olivier, is to educate staff not to use their work email addresses for any non-work purposes. There are plenty of free email services available they can make use of. Basic education in terms of not reusing passwords and choosing complex passwords will also go a long way to mitigating the cyber risks the company faces.

It should be noted that education is as important to the directors and owners of the business – if not more so as they will have to deal with the fallout and losses associated with a cyber breech (and it is incorrect to assume small businesses are not in the line of fire). And now that PoPIA (Protection of Personal Information Act) has an official start date, owners and directors will be held accountable for breeches that expose sensitive data.

Three controls the SME needs

As noted, there are endless options to choose from when it comes to cybersecurity tools, however, Olivier says there are three controls SMEs should see as essential.

1. Every desktop and laptop must have an antivirus program installed that is updated daily.

2. For business connectivity to the Internet, the SME must have a firewall. This doesn’t mean just having a firewall, but also configuring it correctly to meet your business’s security requirements. Fortunately there are managed services options that allow companies to use firewalls that are remotely managed by professionals.

3. Wi-Fi control is critical for the SME as this presents an easy way into your network. Companies should not have an open Wi-Fi network that anyone can connect to. There are many solutions available today that allow companies to set up a separate network that is connected to the Internet only, but not the company network. This can be made available to guests, while the primary network is limited to staff.

While this is a good start, Olivier also notes that there are many tools in the market, some of them available for free, that can conduct a vulnerability assessment on your network. The results of these assessments never cease to shock business leaders.

Ozone supplies a range of tools to assist in cybersecurity. Some of these are:

• GFI Languard: A network security scanning and automated patch management application that allows companies to discover and fix vulnerabilities while also auditing the network and the attached assets.

• Kerio Control Firewall: Available as software or hardware device, Kerio is an all-in-one solution incorporating a network firewall and router, intrusion detection and prevention (IPS), gateway antivirus, VPN and content filtering.

• Exinda: A bandwidth management and network optimisation solution that helps reduce network costs and enforces policies relating to the appropriate use of the network.

• Nuix: This includes a set of tools that allow for forensics investigation as well as network visibility.

• Progress MOVEit: An application that enables companies to securely transfer data, providing encryption and a full tracking of the data.

For more information, contact Henk Olivier, Ozone IT Distribution, +27 10 591 5588, [email protected],

Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Security risk and the sum of small things
Leaderware Editor's Choice
Dr Craig Donald advises that the small things we often write off as unimportant can quickly scale to become serious threats to security and safety.

Specialised surveillance and communications
Technews Publishing Editor's Choice News Integrated Solutions Residential Estate (Industry)
Hi-Tech Security Solutions spoke to Arcanum Africa’s Peter Stolwerk and Aaron van Schaik to find out a bit more about the company and the unique products it is bringing to the local market.

From Hill Street Blues, to Hillbrow, to managing risk for BMW
Technews Publishing Editor's Choice News Security Services & Risk Management
Jane-Eleanor Morrison’s success story starts from growing up in the stressful pre-democracy times in KZN, moves through a successful career in SAPS. to BMW South Africa where she is now the risk control manager.

Locally designed lock designed to stay locked
Editor's Choice
The new Blade Lock makes it close to impossible to break a lock by conventional means; combined with the Smart Gate, your security behind the door is certain.

Water deluge fire suppression system
FS Systems Editor's Choice Fire & Safety Mining (Industry) Products
The FS Group custom-designed and installed an electronically actuated water deluge fire suppression system for an underground explosives magazine, ensuring both the safety of miners and operations, as well as regulatory compliance.

A cyber security mesh platform underpins an interconnected digital world
Editor's Choice
In a world of interconnected people, devices, networks and applications, a cybersecurity mesh platform is the answer to mitigating ever-present cyber risks.

Look again at security automation
Editor's Choice
Hila Meller, BT Security, global head of sales, shares BT’s learnings on the top five things to consider for your security automation journey.

South Africa adopts ISO standard to guide use of social media in emergencies
Editor's Choice
The South African Bureau of Standards (SABS), through its technical committee, has adopted the ISO 22329 standard that provides guidance on the use of social media during an emergency or crisis.

Free and open-source tool for detecting stalkerware
Editor's Choice
Kaspersky has unveiled a new hub dedicated to TinyCheck, a unique, innovative tool designed to detect stalkerware on mobile devices.

Look before you leap into a back-up power solution
Editor's Choice Security Services & Risk Management
Before you rush into purchasing a back-up power solution, you need to take a considered and long-term view of how to get yourself as close to grid independence as possible.