Securing Your Business

Home networks are traditionally not as secure as corporate networks,” strong validation and threat protection to prevent hackers from extracting sensitive or confidential information.”

Lithebe emphasises the importance of encryption. “If encrypted data is lost through device theft, device breach or transmission breach, it will be useless to anyone unauthorised to receive it. However, this is not as easy as it sounds: encryption can be complex.”

What’s the cost?

Of course, cost is a factor that needs to be considered. Some protection measures are very affordable. Your computer’s firewall is the first step towards protection. Lithebe says that information security awareness pays dividends, and recommends that endpoint threat detection and response (ETDR) must be implemented, otherwise employee devices remain vulnerable to attacks that antivirus programs cannot detect.

“COVID-19 is not going anywhere,” says Lithebe. “Employers must consider providing cyber-security expert advice and services to employees at home, particularly for senior management and those dealing with sensitive information.”

Harmsen reminds businesses to check secure collaboration or sharing of data. “Use trusted shared data-cloud services, or a deployed secure managed file transfer solution that provides the required data protection and remote accessibility,” he says.

There is a silver lining to all this, however. “A data-protection strategy allows an organisation to innovate faster,” explains Harmsen, “by speeding up the ability to provide new services and securely take on new customers, and also provides a business with the ability to monetise data through a secure channel. Incorporating a data-security strategy can increase customer retention through inherent trust.” cautions Boland Lithebe, managing executive at CyberTech, a division of JSE-listed technology company Altron.

CyberTech won the security and network operations tender for the Gautrain Management Agency last year, admittedly a different landscape from working from home. Yet this does not relieve businesses in different settings from the responsibility to protect company data.

Small businesses should heed the risks of hackers. While modern routers offer advanced security for the home user, security settings must be switched on. “Failure to do so exposes sensitive data to malicious actors should they breach inadequately protected home networks,” says Lithebe.

Don’t be too trusting

“The new way of working has caught many employers off guard,” says Tallen Harmsen, head of cyber security at IndigoCube. “Remote employees are vulnerable to several avenues of attack. Hackers exploit the inherent trust people have in fellow employees or suppliers by crafting emails that appear to be sent from them, but in fact contain malicious links or malware that, once opened, infect, steal, encrypt or just destroy the users’ data. Make use of an anti-phishing service that continuously researches and updates known phishing emails. This can assist in early detection.”

Hacking should not be shrugged off as unlikely. “All sectors are targets,” says Lithebe, “but more so health, financial services, and lately government departments and state-owned enterprises.”

Another risk is sharing sensitive or confidential data. “The use of non-secure data-sharing methods, such as unauthorised cloud services or non-secure data transfer services, could result in sensitive or confidential data being lost or stolen,” explains Harmsen. Not all data-sharing cloud services provide the security required to protect data, he cautions. “Instead, they use basic security measures that can be easily bypassed by hackers.”

Protect your data

Another threat may be less obvious. “Many organisations are increasing the number of internal applications being exposed as web services externally, in an attempt to meet remote workforce connectivity requirements,” says Harmsen. “Protect these with strong validation and threat protection to prevent hackers from extracting sensitive or confidential information.”

Lithebe emphasises the importance of encryption. “If encrypted data is lost through device theft, device breach or transmission breach, it will be useless to anyone unauthorised to receive it. However, this is not as easy as it sounds: encryption can be complex.”

What’s the cost?

Of course, cost is a factor that needs to be considered. Some protection measures are very affordable. Your computer’s firewall is the first step towards protection. Lithebe says that information security awareness pays dividends, and recommends that endpoint threat detection and response (ETDR) must be implemented, otherwise employee devices remain vulnerable to attacks that antivirus programs cannot detect.

“COVID-19 is not going anywhere,” says Lithebe. “Employers must consider providing cyber-security expert advice and services to employees at home, particularly for senior management and those dealing with sensitive information.”

Harmsen reminds businesses to check secure collaboration or sharing of data. “Use trusted shared data-cloud services, or a deployed secure managed file transfer solution that provides the required data protection and remote accessibility,” he says.

There is a silver lining to all this, however. “A data-protection strategy allows an organisation to innovate faster,” explains Harmsen, “by speeding up the ability to provide new services and securely take on new customers, and also provides a business with the ability to monetise data through a secure channel. Incorporating a data-security strategy can increase customer retention through inherent trust.”