For many South Africans, ‘working from anywhere’ has become the hottest trend in town. They’re not just working from home: they’re working from their local coffee shops, public places, and even other countries.
In the process, they’re exposing their employers to a world of new cyber-security threats – and many businesses aren’t doing enough to manage their risks, says insurer King Price.
Many companies still think it will never happen to them, says George Parrott, a commercial partner at King Price. Interpol estimates that nine out of every 10 African businesses are operating without the necessary cybersecurity protocols in place, putting themselves and their clients at risk of massive financial loss.
“The problem is that working from anywhere means cyber-threats are everywhere, and companies of all sizes must take extra precautions to secure their IT systems and company and customer data,” said Parrott.
The biggest problem is that, when they work remotely, employees do things they wouldn’t do at the office. They share devices with other family members or use the same device for both personal and work activities. They log on to unsecured WiFi networks. They install their own software and apps or insert thumb drives without first making sure where they come from. Many even actively try to get around company security measures, or don’t install the latest security patches and updates.
So how can businesses allow their employees the freedom to work remotely while staying secure? Parrott shares four tips and highlights the importance of being proactive to ensure that the correct processes and protection are in place.
* Educate your people – In the world of cyber-security, people are the weakest link. You can have all the security and firewalls in the world, but it counts for nothing if one employee clicks on a dodgy link in an SMS or an email. “I cannot stress how important it is to not only have a strong remote working security policy, but to constantly keep security top of mind with every single employee,” says Parrott.
* Keep the crown jewels safe – It’s important to get the security basics in place: a firewall, enterprise-level anti-virus software, and regular data back-ups. Businesses must also be able to control who is able to access their information. That means ensuring robust verification of everyone who wants to access company systems and networks, and keeping a log of who accesses the system and when. Something else to consider is having some form of cyber insurance in place, to help cover your business in case it becomes a victim of cybercrimes despite all efforts to prevent this from happening.
* Use a VPN – If your people work remotely, or use their personal devices for work, virtual private networks (VPNs) are a critical tool. A VPN provides a secure, reliable connection to your company’s computer systems, even if your people are logging on from public WiFi, says Parrott. All internet traffic is then routed through an encrypted virtual ‘tunnel’ that is secure and private.
* Get those updates done – When your device is in the office and connected to the company network, security updates are installed automatically. Away from the office, it’s the Wild West, with many remote employees either postponing or avoiding installing updates. “You’ve got to make it as easy as possible for your people to stay updated, otherwise you’re putting yourself at risk,” said Parrott.
The risks are immense: a cyberattack can literally put a small to mid-sized company out of business. The IBM 2019 Cost of a Data Study puts the average total cost of a data breach in South Africa at R43.3 million. Globally, an Inc.com study suggests that 60% of small businesses close their doors within six months of an attack.
Adding an extra layer of complexity is South Africa’s Protection of Personal Information Act (POPIA), which fundamentally changed the way businesses deal with consumers’ personal information. If your business is hacked, and you don’t have the correct procedures and safeguards in place, you could get fined by the Regulator.