Protecting sensitive client information has never been more important, as data breaches and hacks become more prevalent.
The heated commentary on South Africa’s Cybercrimes and Cybersecurity Bill, the petition against it and the increased risk of global cyberattacks have placed large enterprises under pressure to ensure they have the most stringent cybersecurity.
The 2017 Ponemon Cost of Data Breach Study shows that data breaches cost South African companies R32m and response fees cost (on average) R8.1m, with malicious and criminal attacks being the most common data breaches in South Africa.
How would a big business go about ensuring its data is protected? Despite the myriad tips floating around on the internet, your first port of call is to understand the intricacies of cybersecurity.
Michael Geyser, a tech team lead at BBD, says he can easily chat about cybersecurity at length, as most organisations don’t realise how very broad a topic it is. The first step is to understand the three cybersecurity levels required by organisations:
* Infrastructural security: protecting your systems and networks from viruses, spyware, worms and hackers
* Informational security: protecting physical and digital data from unauthorised access, use, disclosure, disruption or modification
* Software security: ensuring your coded software is not the weak point in your organisation’s security. The last thing any business needs is for their software to be low-hanging fruit for unwanted parties.
Geyser explains that “you will never be perfectly secure, but your aim should be a high percent coverage”. He goes on to say that “even a small breach is a massive risk”, especially when you’re dealing with sensitive client information.
He offers some tips on protecting sensitive client information:
* Quantify and understand your security exposure with a specialist company;
* Restrict unnecessary software on your systems;
* With cloud computing and the risk of threats at an all-time high, treat everything as hostile;
* Secure your admin pages, even from your own users;
* Look at having your internal departments treated as hostile to each other by your firewall. This will mean you have smaller “inside” fenced areas on your network;
* Have tough access control and limit your access environment;
* Regularly change passwords and use salted password hashing and encryption (and obviously don’t write them down);
* Limit uploads to reduce that threat vector; and
* Most importantly, educate your staff on everyday cybersecurity habits.
Ultimately, Geyser believes that to protect your client information, you need to make sure that everything has been coded defensibly. Without this, your enterprise could be at risk.