Cyber Security & Risks to Businesses / Kuber-Sekuriteit & Sake Riko’s
Die reg op privaatheid is 'n fundamentele reg wat verskans is in ons Grondwet. Hierdie reg omvat ondermeer ook die reg op die beskerming teen die onregmatige versameling, bewaring, verspreiding en gebruik van enige persoonlike inligting.
In addition to this, the Protection of Personal Information Act (POPI) promotes the protection of personal information processed by public and private bodies. It is a comprehensive Act which protects the integrity and sensitivity of private information and which will apply to any information regarding clients or suppliers, contact details, correspondence, human resources and payroll data, curricula vitae, applications for employment, CCTV records, performance reviews and internal email records. Contravention of the POPI Act can result in fines of up to R10 Million or 10 years in jail and entities may be required to pay out significant sums in damages too.
Gelukkig vereis die POPI-wet slegs dat ondernemings redelike maatreëls moet tref om sodanige persoonlike inligting wat hulle verwerk (Artikel 19) te beveilig. Die vrye vloei van inligting bly belangrik vir enige onderneming en prakties gesproke, is dit haas onmoontlik om alle persoonlike inligting wat deur ‘n besigheid verwerk word, deurentyd te beskerm. Ondernemings hoef dus slegs te doen, wat redelikerwys moontlik is, om persoonlike inligting in hul besit, of onder hul beheer is, te beskerm.
Cyber-attacks on businesses and institutions in South Africa have been in the news lately. It is a global phenomenon which has been on the increase. It is said that cyber criminals generate revenues of $1.5 Trillion annually and that attacks are mostly financially motivated. It poses a threat to any business and businesses should therefore take care to protect themselves from becoming a victim.
Daar is oor die algemeen twee soorte internet-misdade:
- Gewone kuber-krakers (“hacking’) - waar krakers toegang tot 'n besigheid se lêers of bedieners kry en inligting daaruit kry.
- Sogenaamde DDOS-aanvalle - waar die krakers toegang bekom tot 'n besigheid se lêers of bedieners en die inhoud daarvan so verander sodat niemand toegang tot hul dienste en webblaaie kan verkry nie.
Recent cyber-attacks in South Africa:
- In 2019, over the Easter weekend, Joy magazine, fell victim to a cyber-attack. Hackers encrypted all their files, which made it impossible for any of their employees to access them and demanded a ransom to release the files. A virus called Rapid Ransom infected all their backups as well. Their designers and bookkeepers couldn’t access their files and their subscription manager couldn’t access their database. To recreate the work lost would have been a mammoth task. According to social media, the magazine paid the ransom and thereafter received the decryption keys from the hackers to regain access to all their files.
- Last week the City of Joburg fell victim to a cyber attack where hackers demanded a 4.0 bitcoin ransom by 28 October at 5pm. Several city employees received a ransom note saying “All your servers and data have been hacked. We have dozens of back doors inside your city. We have control over everything in your city. We also compromised all passwords and sensitive data such as finance and personal population information.” The hackers threatened to upload and release their customer information on the internet if the ransom wasn’t paid. The City refused to pay the ransom and have sought help from international partners instead.
According to Verison’s 2019 Data Breach Investigations Report, a research survey they did based on 41 686 global security incidents, showed that the biggest category of cybercrime victims are small businesses which had 43% breaches. This was followed by Public Sector entities 16%, Health Care Sector 15% and the Financial Sector 10%.
'n Onderneming wat die onderwerp van ‘n suksesvolle aanslag deur kapers was loop voorts die risiko van een of meer moontlike burgerlike klas-aksies vir skadevergoeding indien daar bewys kan word dat daar ‘n versuim was om die persoonlike inligting van hul kliënte te beskerm. In die lig van die ernstige gevolge wat dit vir groot sowel as klein ondernemings inhou, is dit belangrik om voorkomende maatreëls in te stel om jouself te beskerm.
Some of the things you can do to protect yourself:
- Install a firewall on your computer
- Installeer teen-spioenasie sagteware op jou rekenaar
- Ensure that you update your software when prompted to do so. Not updating software will leave you vulnerable.
- Maak gebruik van kuber-ruimte stoor opsies vir herwin-kopieë (“back-ups”) van inligting.
- Ensure that your devices are password protected with a strong password.
- Moenie op enige iets klik, of aflaai nie, tensy u 100% vertroue het in die bron daarvan nie.
- Conduct security risk assessments.
- Maak seker dat alle werknemers behoorlik opgelei is.
Groete / Regards,
Hennie, Eberhard & Cheryl-Anne | Directors
Provided by Van Zyl Kruger
© DotNews. All Rights Reserved.