Education reduces cyber risks

Issue 2 2020 Editor's Choice

While there are endless products available that promise to deal with cyber-attacks, they will all tell you that they don’t guarantee 100% security. The fact is that the nature and scope of cybercrime is so vast that there is no solution that can do everything, even the ones you pay a fortune for.


Henk Olivier.

When it comes to the SME (small to medium enterprise) market, the cybersecurity issue is worse. These companies have restricted budgets and rarely have the skills required to effectively manage their cyber risks. Henk Olivier, MD of Ozone IT Distributors recently did some research into what the main vulnerabilities in this sector are.

While Olivier can list pages of risks and vulnerabilities related to hardware and software used in these companies, he found that the primary cyber risk SMEs face is a lack of knowledge and understanding of how to do the basics to reduce your cyber-attack surface.

Olivier provides the example of phishing, one of the most common and easiest ways for cybercriminals to get into your systems. Many employees don’t understand what this is and how they can identify it. Moreover, many bosses don’t take it seriously either. Taking it further, many of these companies don’t have a basic IT usage policy that stipulates what can or can’t be done on the company’s IT systems, or what is expected of employees using the company’s technology. This is a problem in as many as 80% of SMEs.

Restricting access and email data

Another common problem relates to Wi-Fi connections. Most SMEs have Wi-Fi connectivity due to its convenience and ease of use, however, they have one password to access the Wi-Fi network and staff use this to connect their own devices – such as smartphones, personal laptops and so on. This is a risk as any malware on those devices can easily be transferred to the company’s IT systems and disrupt the business. This is especially true in smaller companies without the skills and cybersecurity tools to protect themselves.

In addition, staff often subscribe to newsletters and do online shopping using their work email addresses. While this may seem innocent enough, if the company behind the shopping site or newsletter is hacked, the criminals know something about your company, i.e. your domain and a user name.

What makes this more dangerous is that people have a nasty habit of reusing passwords. So if the hackers get the user’s email address and password, the first thing they do is see if the password will get them into the SME’s server.

The ideal, according to Olivier, is to educate staff not to use their work email addresses for any non-work purposes. There are plenty of free email services available they can make use of. Basic education in terms of not reusing passwords and choosing complex passwords will also go a long way to mitigating the cyber risks the company faces.

It should be noted that education is as important to the directors and owners of the business – if not more so as they will have to deal with the fallout and losses associated with a cyber breech (and it is incorrect to assume small businesses are not in the line of fire). And now that PoPIA (Protection of Personal Information Act) has an official start date, owners and directors will be held accountable for breeches that expose sensitive data.

Three controls the SME needs

As noted, there are endless options to choose from when it comes to cybersecurity tools, however, Olivier says there are three controls SMEs should see as essential.

1. Every desktop and laptop must have an antivirus program installed that is updated daily.

2. For business connectivity to the Internet, the SME must have a firewall. This doesn’t mean just having a firewall, but also configuring it correctly to meet your business’s security requirements. Fortunately there are managed services options that allow companies to use firewalls that are remotely managed by professionals.

3. Wi-Fi control is critical for the SME as this presents an easy way into your network. Companies should not have an open Wi-Fi network that anyone can connect to. There are many solutions available today that allow companies to set up a separate network that is connected to the Internet only, but not the company network. This can be made available to guests, while the primary network is limited to staff.

While this is a good start, Olivier also notes that there are many tools in the market, some of them available for free, that can conduct a vulnerability assessment on your network. The results of these assessments never cease to shock business leaders.

Ozone supplies a range of tools to assist in cybersecurity. Some of these are:

• GFI Languard: A network security scanning and automated patch management application that allows companies to discover and fix vulnerabilities while also auditing the network and the attached assets.

• Kerio Control Firewall: Available as software or hardware device, Kerio is an all-in-one solution incorporating a network firewall and router, intrusion detection and prevention (IPS), gateway antivirus, VPN and content filtering.

• Exinda: A bandwidth management and network optimisation solution that helps reduce network costs and enforces policies relating to the appropriate use of the network.

• Nuix: This includes a set of tools that allow for forensics investigation as well as network visibility.

• Progress MOVEit: An application that enables companies to securely transfer data, providing encryption and a full tracking of the data.

For more information, contact Henk Olivier, Ozone IT Distribution, +27 10 591 5588, info@ozone.co.za, www.ozone.co.za




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

IRMSA launches Risk Report for 2020
Issue 2 2020 , Editor's Choice
The Institute of Risk Management South Africa (IRMSA) has launched its sixth annual risk report, the IRMSA Risk Report SOUTH AFRICA RISKS 2020.

Read more...
Why is CCTV failing?
Issue 2 2020, Leaderware , Editor's Choice
It seems that a lot of the CCTV systems out there are largely for show, or to retrieve information afterwards.

Read more...
Leaders in risk and security - To succeed in security: keep learning
Issue 2 2020 , Editor's Choice
Adriaan Bosch studied agriculture, became a sniper in the British Army, then entered the private security industry in South Africa and hasn’t looked back.

Read more...
Redefining retail and the supply chain
Issue 2 2020 , Editor's Choice
Adriaan Bosch offers Hi-Tech Security Solutions readers eight trends that will redefine retail and supply chain security in 2020 and beyond.

Read more...
The importance of effective SLAs
Issue 2 2020, Technews Publishing, ISF SFP , Editor's Choice
A successful security installation that delivers over the long term requires ongoing maintenance and a reliable service provider.

Read more...
The impact of the COVID-19 virus on security
Issue 2 2020, Leaderware , Editor's Choice
The social and personal implications of the COVID-19 Corona virus has already had a devastating impact on countries, social institutions, communities, businesses and individuals.

Read more...
Securex postponed to August 2020 due to COVID-19
Issue 2 2020 , Editor's Choice, News, Conferences & Events
Specialised Exhibitions has opted to reschedule its Securex South Africa, A-OSH Expo and Facilities Management Expo trade shows to 18 to 20 August 2020.

Read more...
Innovation is no longer a nice-to-have
Issue 2 2020 , Editor's Choice
5G, IoT, artificial intelligence, machine learning, block chain and ledger technology are impacting the way in which business as we know it operates.

Read more...
Axis gives a brighter future to children
Issue 1 2020, Axis Communications SA , Editor's Choice
Fully networked camera solution provides visibility and accountability, letting orphanage focus on what’s important – its children.

Read more...
SFP Security & Fire becomes ISF SFP
Issue 1 2020, ISF SFP , Editor's Choice
SFP Security & Fire was sold to ISF in 2019, becoming ISF SFP and attaining Level-1 BEE status.

Read more...