Education reduces cyber risks

Issue 2 2020 Editor's Choice

While there are endless products available that promise to deal with cyber-attacks, they will all tell you that they don’t guarantee 100% security. The fact is that the nature and scope of cybercrime is so vast that there is no solution that can do everything, even the ones you pay a fortune for.


Henk Olivier.

When it comes to the SME (small to medium enterprise) market, the cybersecurity issue is worse. These companies have restricted budgets and rarely have the skills required to effectively manage their cyber risks. Henk Olivier, MD of Ozone IT Distributors recently did some research into what the main vulnerabilities in this sector are.

While Olivier can list pages of risks and vulnerabilities related to hardware and software used in these companies, he found that the primary cyber risk SMEs face is a lack of knowledge and understanding of how to do the basics to reduce your cyber-attack surface.

Olivier provides the example of phishing, one of the most common and easiest ways for cybercriminals to get into your systems. Many employees don’t understand what this is and how they can identify it. Moreover, many bosses don’t take it seriously either. Taking it further, many of these companies don’t have a basic IT usage policy that stipulates what can or can’t be done on the company’s IT systems, or what is expected of employees using the company’s technology. This is a problem in as many as 80% of SMEs.

Restricting access and email data

Another common problem relates to Wi-Fi connections. Most SMEs have Wi-Fi connectivity due to its convenience and ease of use, however, they have one password to access the Wi-Fi network and staff use this to connect their own devices – such as smartphones, personal laptops and so on. This is a risk as any malware on those devices can easily be transferred to the company’s IT systems and disrupt the business. This is especially true in smaller companies without the skills and cybersecurity tools to protect themselves.

In addition, staff often subscribe to newsletters and do online shopping using their work email addresses. While this may seem innocent enough, if the company behind the shopping site or newsletter is hacked, the criminals know something about your company, i.e. your domain and a user name.

What makes this more dangerous is that people have a nasty habit of reusing passwords. So if the hackers get the user’s email address and password, the first thing they do is see if the password will get them into the SME’s server.

The ideal, according to Olivier, is to educate staff not to use their work email addresses for any non-work purposes. There are plenty of free email services available they can make use of. Basic education in terms of not reusing passwords and choosing complex passwords will also go a long way to mitigating the cyber risks the company faces.

It should be noted that education is as important to the directors and owners of the business – if not more so as they will have to deal with the fallout and losses associated with a cyber breech (and it is incorrect to assume small businesses are not in the line of fire). And now that PoPIA (Protection of Personal Information Act) has an official start date, owners and directors will be held accountable for breeches that expose sensitive data.

Three controls the SME needs

As noted, there are endless options to choose from when it comes to cybersecurity tools, however, Olivier says there are three controls SMEs should see as essential.

1. Every desktop and laptop must have an antivirus program installed that is updated daily.

2. For business connectivity to the Internet, the SME must have a firewall. This doesn’t mean just having a firewall, but also configuring it correctly to meet your business’s security requirements. Fortunately there are managed services options that allow companies to use firewalls that are remotely managed by professionals.

3. Wi-Fi control is critical for the SME as this presents an easy way into your network. Companies should not have an open Wi-Fi network that anyone can connect to. There are many solutions available today that allow companies to set up a separate network that is connected to the Internet only, but not the company network. This can be made available to guests, while the primary network is limited to staff.

While this is a good start, Olivier also notes that there are many tools in the market, some of them available for free, that can conduct a vulnerability assessment on your network. The results of these assessments never cease to shock business leaders.

Ozone supplies a range of tools to assist in cybersecurity. Some of these are:

• GFI Languard: A network security scanning and automated patch management application that allows companies to discover and fix vulnerabilities while also auditing the network and the attached assets.

• Kerio Control Firewall: Available as software or hardware device, Kerio is an all-in-one solution incorporating a network firewall and router, intrusion detection and prevention (IPS), gateway antivirus, VPN and content filtering.

• Exinda: A bandwidth management and network optimisation solution that helps reduce network costs and enforces policies relating to the appropriate use of the network.

• Nuix: This includes a set of tools that allow for forensics investigation as well as network visibility.

• Progress MOVEit: An application that enables companies to securely transfer data, providing encryption and a full tracking of the data.

For more information, contact Henk Olivier, Ozone IT Distribution, +27 10 591 5588, [email protected], www.ozone.co.za




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

SMARTpod talks to The Risk Management Forum
SMART Security Solutions Editor's Choice News & Events Security Services & Risk Management Videos Training & Education
SMART Security Solutions recently released its first SMARTpod podcast, discussing the upcoming Risk Management Forum Conference 2024, which will be held on 26 September 2024 at the Indaba Conference Centre in Fourways, Johannesburg.

Read more...
There is a SaaS for everything, but at what cost, especially to SMEs?
Editor's Choice Information Security Security Services & Risk Management
Relying on SaaS platforms presents significant cybersecurity risks as the number of providers in your landscape increases, expanding your attack surface. It is important to assess the strength of the SaaS providers in your chain.

Read more...
New State of Physical Access Control Report from HID
HID Global Editor's Choice Access Control & Identity Management News & Events
HID released the 2024 State of Physical Access Control Report, identifying five key trends shaping access control's future and painting a picture of an industry that has been undergoing considerable transformation.

Read more...
Addressing today’s mining challenges: cyber risks beyond IT
Editor's Choice Information Security Mining (Industry)
Despite the mining industry’s operational technology systems being vulnerable to cyberattacks, many decision-makers still see these threats as purely an IT issue, even though a breach could potentially disrupt mining operations.

Read more...
Workforce Consortium to reskill 95 million people
Editor's Choice News & Events AI & Data Analytics
ICT Workforce Consortium of global leaders has come together, committing to train and upskill 95 million people over the next 10 years, as 92% of jobs analysed are expected to undergo either high or moderate transformation due to advancements in AI.

Read more...
How is technology changing the industry?
Editor's Choice
SASA and the International Code of Conduct for Security Providers Association (ICoCA), a Geneva-based organisation, will hold a consultative workshop in South Africa in September to discuss how technology is changing the industry and the associated risks.

Read more...
Securex South Africa 2024 attracts high-end decision-makers
Securex South Africa Editor's Choice News & Events Videos
Securex South Africa 2024, co-located with A-OSH EXPO, Facilities Management Expo, and Firexpo 2024 from 11 to 13 June at Gallagher Convention Centre in Midrand, retained its reputation of attracting key decision makers intent on finding customised security solutions.

Read more...
Bomb threat landscape in South Africa
Editor's Choice Security Services & Risk Management
Over the past 25 years, South Africa has faced thousands of bomb threats and explosive incidents annually, imposing a significant economic burden on the nation, costing billions of rand.

Read more...
SMART Surveillance at the Indaba
SMART Security Solutions Editor's Choice Surveillance Videos
SMART Security Solutions hosted its second SMART Surveillance conference, focusing on a range of topics related to the video surveillance market, on July 11th, 2024, at the Indaba Conference Centre in Fourways.

Read more...
Autonomous construction site protection
Editor's Choice Perimeter Security, Alarms & Intruder Detection
Ajax provides an autonomous security solution for a German construction site that is easy and flexible to install. It provides security against intrusions and theft via a 360-degree view.

Read more...