With the threat of cyber-crime and insider fraud on the rise, Kenyan companies should be looking towards cloud applications as one means of improving the security of their IT environments.
That’s the word from Dr Rutendo Hwindingwi, divisional director for Sage East and West Africa, who says that Kenyan organisations are wrestling with the growing danger posed by threats such as malware, hackers, and theft of computing devices.
Most enterprises – especially small and medium-sized businesses feel ill-prepared for the risk that cyber-crime poses to their business, he adds. They lack the budget and the specialist IT expertise they need to defend their businesses against today’s sophisticated cyber-criminal.
Kenyan organisations lost some Sh15 billion to cyber-crime in 2014, reveals the 2015 Cyber Security Report. The document was authored by Serianu Cyber Threat Intelligence Team, PKF Consulting and the United States International University-Africa’s Centre for Informatics Research and Innovation.
According to the paper, 64% of respondents were not trained in cybersecurity issues at all and 20% lacked sufficient cyber security budgets.
Though the public sector was hardest hit by cybercrime, smaller organisations also need to be aware of the growing list of dangers they face, says Dr Hwindingwi. It is particularly alarming that cyber-crime tripled in 2014 over 2013, indicating a country-wide lack of skills and resources to address the problem, he adds.
“Running your own IT infrastructure today is complex and expensive, especially if you are going to run your own server room,” says Dr Hwindingwi. “You need to invest in firewalls and antimalware software, be ready to patch your operating systems and applications, and have specialist skills who are up-to-date with the latest threats.”
Against this backdrop, many organisations are starting to look to the cloud as one way of improving their IT security. Leading providers of online payroll and accounting applications, for example, host the software and their clients’ data in secure data centres underpinned by world-class technology, including the latest security.
Access to this specialised data centre is restricted, with only authorised personnel being able to enter. Around-the-clock armed security employees together with CCTV keep a watchful eye over it. This will free SMEs from doing backups, buying and installing new versions of the software, and fencing their data behind high security software.
When it comes to accessing the software, each user requires a unique password and username is required. Only invited persons are given access, using their own passwords and usernames. It is easy to track who has accessed the system and changed the data, making it harder for insider fraudsters to tamper with the records.
Dr Hwindingwi notes that one of the most common problems when it comes to information security in East Africa is the high rate of device theft. With the cloud, there’s less risk of losing data stored on a laptop or a USB stick because everything is stored in the cloud and not on devices that could be lost or stolen.
“Of course, that doesn’t mean you can neglect information security in your business. You’ll still be using your own devices to access the cloud, so there are some security vulnerabilities you need to take care of on your side,” Dr Hwindingwi adds.
He offers some ideas about how to protect a business from data security threats:
* Educate your end-users about the basics of information security – for example, make sure they know why they need to choose strong passwords and that they’re alert to the dangers of phishing emails designed to persuade them to give their log-in details to people with criminal intentions.
* Install antivirus and anti-malware software on your laptops and desktop computers, and then keep it up to date with the latest definitions.
* Get serious about mobile security. Lock your device behind a PIN code or password when not in use so hackers or thieves can’t access your data. Also, most mobile devices today allow you to track their location or remotely wipe data. It’s a good idea to enable this functionality just in case the device goes missing.
* Keep software up to date with security patches: When it comes to desktops and notebooks, be sure to keep your operating systems and browsers up to date with the latest security patches.
* Where your cloud provider allows it, enable two-factor authentication. For example, you could set your account up to ask for a code sent to you by SMS when you log in or use a fingerprint in addition to a password.
* Be careful about where you log into cloud services. Be wary of unsecured public WiFi networks.
“The future is mobile and we are giving our customers the power to control their businesses from the palm of their hand, thanks to the power of the cloud. We connect our customers to accountants and partners with real time and intuitive information about their business” Dr Hwindingwi says. “And we’re doing it in a way that helps our clients improving the security and integrity of their data.”