Cybersecurity is not an event or a once-off checklist, rather it is about building a security mindset in the face of ever-evolving threats, say cybersecurity experts at Altron Karabina, as South Africa joins the rest of the world in observing cybersecurity month.

Keitumetse (KT) Mogodi and Reggie Nkabinde, consultants: modern platform security at Altron Karabina, says that, despite rapidly improving technology designed to defend against cyber criminals, the digital hygiene of users is of paramount importance.

While security experts are responsible for ensuring that best practices and tools, and the essential principles of security, are in place, it would be fairly futile if there wasn’t a requisite investment in awareness and education for end users, they say. Addressing security can in many ways are seen as a joint venture between security experts and organisation representatives that keep staff informed and educated.

“Data and cyber security really should be part of your daily routine,” says Mogodi. “Just as we look after our physical security by being aware and conscious of our surroundings, in addition to physical security investments to protect us, so too should people think about cybersecurity.”

Mogodi says large breaches that make the news regularly serve to keep high-profile cybercrime front of mind, but that “every day, every time we use a device, there is a risk that something can happen. You just never know when a malicious email will land or an attack will happen. Be present and alert.”

Nkabinde agrees, adding that it is important that all users educate themselves, not just those tasked with managing cybersecurity in businesses. “Users must familiarise themselves with what’s happening around the world regarding cybersecurity and breaches. Google is your friend – stay up to date with the news and the latest developments.

“This will ensure that users are ‘cyber aware’, so to speak. Look at the best digital hygiene and security practices. Do you have an appropriate password and multi-factor identification? Have you learnt how to ensure that your data is encrypted? What are the latest tools you can use? Do you know what to look out for so as not to fall victim to a phishing attack or open the door to your organisation? Do you pay attention to simple things like tone, colours, URLs, and more?”

Mogodi and Nkabinde say that there is a risk that the best-laid plans in an organisation can become unstuck if the users are not on top of their own cyber behaviour. “This makes ongoing education and awareness an absolute necessity for businesses, and this needs to be driven from the top of the organisation down,” says Nkabinde.

Mogodi agrees that user awareness is crucial, adding that specialist partners will help businesses design their data footprint and identify all their weak spots, but even then, there need to be ongoing awareness campaigns that teach users that every time they log into the company systems without due care, there is a risk they could open a door for criminals.

Despite cyber risks, which are brought to everyone’s attention during awareness campaigns, computing in the cloud can be comparatively more secure than legacy on-prem environments, says Nkabinde. “A specialist partner will work closely with a business to ensure that the core principles of cloud computing are adhered to, including working alongside staff representatives to drive awareness, while identifying the best technology tools to help secure the organisation and its data.”