George Parrott, the commercial partner at King Price
For many South Africans, ‘working from anywhere has become the hottest trend in town. They’re not just working from home: they’re working from their local coffee shops, public places and even other countries. In the process, they’re exposing their employers to a world of new cyber-security threats – and many businesses aren’t doing enough to manage their risks.
2021 was a record year for data breaches, according to the Identity Theft Resource Center – but many companies still think it will never happen to them. Interpol estimates that nine out of every 10 African businesses are operating without the necessary cybersecurity protocols in place, putting themselves and their clients at risk of massive financial loss.
The problem is that working from anywhere means cyber-threats are everywhere, and companies of all sizes must take extra precautions to secure their IT systems and company and customer data.
The biggest problem is when they work remotely, employees do things they wouldn’t do at the office. They share devices with other family members or use the same device for both personal and work activities. They install their own software and apps or insert thumb drives without first making sure where they come from. Many even actively try to get around company security measures or don’t install the latest security patches and updates.
So, how do you allow your employees the freedom to work remotely while staying secure?
Educate your people
In the world of cyber-security, people are the weakest link. You can have all the security and firewalls in the world, but it counts for nothing if one employee clicks on a dodgy link in an SMS or an email, and boom. I cannot stress how important it is to not only have a strong remote working security policy but to constantly keep security top of mind with every single employee.
Keep the crown jewels safe
It’s important to get the security basics in place: a firewall and enterprise-level anti-virus software, and backing up data regularly. Businesses must also be able to control who is able to access their information. That means ensuring robust verification of everyone who wants to access company systems and networks, and keeping a log of who accesses the system and when. Something else to consider is having some form of cyber insurance in place, to help cover your business in case it becomes a victim of such cybercrimes.
Use a VPN
If your people work remotely, or use their personal devices for work, virtual private networks (VPNs) are a critical tool. A VPN provides a secure, reliable connection to your company’s computer systems, even if your people are logging on from public Wi-Fi. All your internet traffic is then routed through an encrypted virtual ‘tunnel’ that is secure and private.
Get those updates done
When your device is in the office and connected to the company network, security updates are installed automatically. Away from the office, it’s the Wild West, with many remote employees either postponing or avoiding installing updates. You’ve got to make it as easy as possible for your people to stay updated, otherwise, you’re putting yourself at risk.
The risks are immense: a cyberattack can literally put a small to mid-sized company out of business. The IBM 2019 Cost of a Data Study puts the average total cost of a data breach in South Africa at R43.3 million. Globally, an Inc.com study suggests that 60% of small businesses close their doors within 6 months of an attack.
Adding an extra layer of complexity is South Africa’s Protection of Personal Information Act (POPIA), which fundamentally changed the way businesses deal with consumers’ personal information. If your business is hacked, and you don’t have the correct procedures and safeguards in place, you could get fined by the Regulator.