By Irene Gaitirira
Published January 29, 2022
As remote working gains traction and stability across Africa, cybercriminals are exploiting every weakness they can find to wreak havoc on businesses and organisations.
A survey conducted in Kenya, Nigeria and South Africa in 2021 shows that remote working may have become an invaluable tool for organisations but that it comes with a security caveat – people have to be properly trained to recognise the risks inherent in online interactions.
“One of the immediate defences against cybercrime is an employee that has been well-trained and understands how to spot and report cyber threats,” says Anna Collard of KnowBe4 Africa that, together with Lynchpin and ITWeb, conducted the survey. “People should know what a social engineering attack looks like, and why they should not click on links or open attachments.”
RELATED: Market Volatility and Political Risks Worry Businesses in Africa
Saying “People are both the problem and the solution as they are the human firewall that can stand against the threats and play a huge role in mitigating security risks, Collard calls says there is an urgent need for security training.
The survey says that businesses that are focusing on hybrid or remote working frameworks will have to put training at the forefront of their policies and planning as “a breach could cost them financially and reputationally – particularly now, in the era of rigorous protection of personal information legislation – and poor user behaviour is a leading cause of security incidents across the three countries.”
RELATED: Why African Investors Need to Venture into the Flexible Workspace Industry
While the number of security incidents experienced by companies overall dropped in 2021, the report says, attacks that got through used phishing, social engineering, ransomware and malware. Unintentional data leaks sat in the third position in South Africa alongside credential theft, while Kenya battled with phishing and ransomware. Nigeria’s biggest problems were social engineering and phishing.”
“Companies across Nigeria, Kenya and South Africa have also struggled with insecure home Wi-Fi networks and people sharing their corporate devices with family and friends,” says Collard. “The pandemic threw everyone in the deep end in 2020, and they all spent 2021 learning how to swim. Now, in 2022, it is time to redefine and reshape how the organisation manages security and remote working as effectively and dynamically as possible.”
RELATED:Trail Blazing Nun Sets Agenda in Research, Academia and the Arts
This means that companies need to refine their security awareness processes alongside providing training and education. The first step is to invest in robust security policies that outline the risks, and that inform users how to report and act when faced with a potential cyberattack. The simpler and more straight forward those processes and tools are, the higher the probability that people will play their part. While the report found that most companies have put a lot of time and effort into shoring up the security walls, many do not prioritise it as much as they should – often cutting security budgets and leaving IT teams with limited resources.
“The reality is that cybersecurity is a constantly evolving landscape that expects organisations to evolve along with it,” concludes Collard. “As remote working gains traction and stability, cybercriminals are going to exploit every weakness they can find – from a poorly secured home network to a badly trained employee. This is the perfect time to establish a security culture within the business and prioritise its value and importance.”