"From a financial perspective, cybercrime cost South Africa over R4 million last year with more than 4646 online adults becoming victims of cybercrime every day in the last year, and incurring an additional R7.1 million loss in time spent resolving the crime. Local businesses simply cannot afford these kinds of interruptions in 2012 and must take the necessary precautions," says Robert Boccia, executive: IT at Lion of Africa Insurance.
He warns that one of the most vulnerable areas for a company is its internal data security procedures. The majority of data contamination and loss of intellectual property occurs because of security breaches within organisations. For this reason, he urges South African businesses to tighten up internal data storage security, as well as to protect data from external breaches, in order to maintain their competitive advantage.
"It is not only hacking that companies need to look out for. Hacking involves sophisticated and invasive coding, where the challenge is usually simply to gain entry into a closed system. The greater danger is internal security breaches such as password sharing and the circulation of unprotected emails within a company, which allow criminals access to confidential information."
He advises companies to screen their employees, who handle confidential company information, carefully. "At a low level, this can be done by means of a simple credit check. It is also vital that employees are trained as to how to use internal systems, so that they can be held accountable for the security of the data."
It is important firstly, to extend perimeter protection beyond just the firewall and to ensure that a comprehensive security threat assessment is included as part of your security strategy. Secondly, is the importance of having internal management systems that incorporate updating antivirus and anti-malware automatically so that users do not need to worry about whether or not their systems are always up to date.
Furthermore, it is imperative to commission regular penetration and vulnerability tests, which assess the effectiveness of the security measures and can detect the possibility of an internal or external breach of security.
"Today, the nature of business means that companies are storing huge amounts of data on central servers. Company executives, CEO's and junior employees use this data alike and most of this information may be construed as confidential and sensitive. The challenge is to implement processes and procedures that allow the appropriate people access to the system but ensure the security of the data at the same time," he concludes.
