The recent hacking of social networking website, LinkedIn, has put personal information of millions of users at risk as more than six million passwords were stolen. According to Robert Boccia, Executive: IT at Lion of Africa Insurance, this is the latest
“From a financial perspective, cybercrime cost South Africa over R4 million last year with more than 4 646 online adults becoming a victim of cybercrime every day in the last year, and incurring an additional R7.1 million loss in time spent resolving the crime. Local businesses simply cannot afford these kinds of interruptions in 2012 and must take the necessary precautions,” says Boccia.
He warns that one of the most vulnerable areas for a company is their internal data security procedures. Boccia says the majority of data contamination and loss of intellectual property occurs as a result of security breaches within an organisation. For this reason, he urges South African businesses to tighten up internal data storage security, as well as to protect data from external breaches, in order to maintain their competitive advantage.
“It is not only hacking that companies need to look out for. Hacking involves sophisticated and invasive coding where the challenge is usually simply to gain entry into a closed system. The greater danger is internal security breaches such as password sharing and the circulation of unprotected emails within a company which allow criminals access to confidential information.”
He advises companies to carefully screen their employees who handle confidential company information. “At a low level, this can be done by means of a simple credit check. It is also vital that employees are trained as to how to use internal systems, so that they can be held accountable for the security of the data.”
Boccia says that it is important to firstly, extend perimeter protection beyond just the firewall and to ensure that a comprehensive security threat assessment is included as part of your security strategy. Secondly, he stresses the importance of having internal management systems that incorporate updating antivirus and anti-malware automatically so that users do not need to worry about whether or not their systems are always up to date.
Furthermore, he says that it is imperative to commission regular penetration and vulnerability tests which assess the effectiveness of the security measures and can detect the possibility of an internal or external breach of security.
“The nature of business today means that companies are storing huge amounts of data on central servers. This data is used by company executives, CEO’s and junior employees alike and most of this information may be construed as confidential and sensitive. The challenge is to implement processes and procedures that allow the appropriate people access to the system but ensure the security of the data at the same time,” concludes Boccia.