President Jacob Zuma signed the Protection of Personal Information Act (POPI) into law on 27th November 2013. The bill will see companies needing to protect consumers' private information at all costs. Failure to do so will result in penalties and fines. In a recent article, Samuel Mungadze says, "Companies will face potential multimillion-Rand fines, civil claims and reputational damage unless they upgrade IT security systems ahead of the implementation of new privacy laws."
In view of the looming POPI, reviewing your businesses IT security policy is essential.
Many businesses today collect leads' or customers' information in order to send them marketing materials. Employees' personal information and banking details need to be protected too.
In addition, South Africa seems to be a soft target for cyber criminals.
Last year, South Africa ranked third in the world for incidents of cybercrime. Business Day claimed that this was due to paper-thin IT security measures. According to Microsoft SA, one in five SMME businesses in South Africa has already been targeted, and globally, enterprises will spend almost $500bn to combat malware associated with pirated software.
With cybercrime an ever-present reality, firms are now more than ever seeing the need to implement measures to secure the corporate environment and minimize the risks associated with unauthorized intrusions. Added to the very real risk of intrusion, data theft and corruption, once the POPI act is in place, businesses will be liable to be fined and taxed for failing to have sufficient IT privacy and security measures in place.
Corporate IT environments can be compromised in a number of ways:
Phishing (generally email driven) remains one of a cyber-criminal's favourite measures to steal data.
The growing trend of BYOD - 'bring your own device' to work - which often encompasses users connecting to servers with unprotected tablets and laptops.
Corporate devices that are not locked down compromise IT security because people are able to copy corporate data (financials, client lists, recipes etc.) to tiny USB devices, allowing them to take and use that data off-site.
Unfiltered access to the internet exposes the entire corporate network to infiltration by cyber-criminals when 'unsavoury' websites are accessed by an unsuspecting individual. This could even happen when a child of an employee uses a ‘BYOD’ at home.
Ineffective management of software security and operating system updates and patches leads to devices having out-dated software versions installed, creating an environment with a lack of IT security.
Giving users total freedom to download and install unauthorized software applications leads to compromised IT security. What's more, incidents in this category can easily lead to inefficiencies such a slow devices, full hard drives and consequent data loss.
A modern, simple to deploy and manage, cloud-hosted office protection and remote management system is the easiest way to ensure that your corporate IT security is effective, efficient and protects you from exposure to litigation. More importantly, this secures your corporate data - your most valuable corporate asset - from being exposed to cyber-criminals or competitors.
For more about an effective cloud-based security solution, download our free white paper here or find out more here.