Looking at Liberty: How big is the human factor in the cybercrime epidemic?
This breach, as well as another recent one where close to a million personal records of South Africans were publicly exposed online, is testament to the fact that cybercrime is rampant in South Africa.
In a 2017 report, Gartner predicted that cybercrime might become the greatest threat to every person, place, and thing in the world within the next five years.
The human factor
On closer inspection, a common vulnerability linked to cybercrime has been the human factor.
Local findings have shown that one in three South African businesses has been hit by cybercrime, with this type of crime proving that people are the weakest link in this modern phenomenon.
The era of BYOD
From a business perspective, an element that is therefore tightly linked to the rise in cybercrime is employees using their personal devices for both personal and professional reasons. This is the era of bring your own device (BYOD) and the flexible workforce.
These same employees place businesses at risk by not having the right firewalls in place, not updating passwords and even opening suspect emails, which provide hackers with the key to company infrastructure. These risks are further exacerbated by the fact that many organisations have no defined security policies in place and that employees view IT security as a barrier rather than an enabler for business.
With employees at the heart of these vulnerabilities, HR professionals need to play a greater role in averting these potential threats. To tackle the issue head-on, HR professionals may consider these steps:
1. Defining the rules when working from home
The 2018 Mercer Talent Trends report revealed that 82% of executives say that flexible working is essential to their core business operations. As a result, the rise of the BYOD era is inevitable. HR professionals, however, need to ensure that the right policies are in place to enable this trend to evolve within a South African context. Employees should understand the need to keep their security software up to date.
2. Keeping abreast of security policies
HR professionals should also be made aware of the implications of the Protection of Personal Information Act (PoPIA). With the introduction of the Act, local businesses are now legally required to ensure that all client, supplier and employee information is stored, processed and destroyed in a manner that upholds privacy and protection of personal data. This includes sensitive employee data that should not fall into the wrong hands.
3. Understanding the potential risks posed by employees
The '2017 IBM X-Force Threat Intelligence Index' report findings showed that 60% of cyberattacks are the result of internal activities. Managers should therefore not only educate employees about the risks of cybercrime but also have policies in place for employees who do not adhere to the rules.
Ultimately, the global cost of cybercrime to businesses over the next five years is expected to be $8 trillion. Clearly, failure to take the reality of the cyberthreat seriously would be reckless.