Three Peaks - Cyber Security 101

2014-08-18

Written by Wayne

An important shift has occurred in the cyber security landscape of late. To keep pace in an ever more competitive world, businesses are adopting new ways of doing business, making them more dependent than ever on connected services like web-based and mobile platforms, exposing them to new security challenges. In addition, the explosion in data leaves organizations vulnerable to attack, while the lack of properly trained staff leaves them short-handed. Finally, a patchwork security system and poor visibility across tools and processes provides ample opportunity for cyber criminals to exploit vulnerabilities and security holes.

While some criminals focus on very large companies, others select companies that lack the levels of security found in larger enterprises. In fact, smaller companies are more exposed than ever: 30 percent of phishing attacks now affect organizations with fewer than 250 employees. Phishing is the attempt to acquire sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity in an electronic communication.

Apart from the obvious implications for smaller companies with respect to compromised data, the legal implications for overlooking your responsibility to protect your customers’ information, which has been legislated under the Protection of Personal Information Bill, could mean reputational damage, millions in fines and even jail time. Put bluntly, if your organisation processes personal information, then complying with POPI is your problem. 

So, where do we start? With the online world becoming increasingly complex, cyber criminals waiting in the code, and POPI driving accountability, how do we begin to familiarise ourselves with cyber security good practice. Well, we’re going to try to assist you there. Our intention is to start a conversation that serves to educate rather than to complicate. We know cyber security is foreign to most, especially in the SMME arena, so we’re going to keep it simple and feel our way step by step. This month, we’ll start with you, the individual, and your daily habits. If we want to see our organisation’s cyber security improve then we need to start with our personal habits and work our way from there. Our hope is there was a point or two that made you reconsider your own habits. If you’re already aware of these areas of vulnerability then you’re on your way to a more secure online experience. Next month, we’ll consider your employees’ habits, probably the most overlooked and vulnerable area of them all.