HP has unveiled the results from its fifth annual study in partnership with the Ponemon Institute detailing the rising cost, frequency and time to resolve cyber-attacks.
HP has unveiled the results from its fifth annual study in partnership with the Ponemon Institute detailing the rising cost, frequency and time to resolve cyber-attacks.
Very small businesses (VSBs) with fewer than 25 employees have the same rate of mobile device adoption as large enterprises. However, most VSBs lack the security awareness, technical expertise, and budget needed to properly protect company-issued or employee-owned (BYOD) mobile devices.
A Kaspersky Lab survey asked 3 900 IT professionals worldwide about IT challenges they encountered over the previous 12 months, and 34% of VSBs said they had managed the integration of mobile devices into their business.
What’s noteworthy is this rate is nearly identical to the rate of mobile integration reported by enterprises, which was 35%.
This means the smallest companies in the world are adopting mobile technology at essentially the same rate as huge companies with more than 5 000 employees. In fact, VSBs actually reported a higher rate of mobile adoption than small businesses with 26 to 99 employees, as well as large businesses with 1 500 to 5 000 employees.
VSBs reported 6% more mobile integration than small businesses (defined as 26 to 99 employees), and 2% more than large businesses (defined as 1 500 to 5 000 employees). These statistics certainly cast doubt on any perceptions that VSBs are confined to antiquated technology or slow to invest in IT.
Mobile technology may not be restricted to businesses based on their size, but there are other key factors to consider. Expertise and resources are the most obvious limitations of VSBs, which frequently don’t have dedicated IT staff to manage technology implementations.
These limitations may lead to a knowledge gap even amongst security-minded business owners. For example, 31% of VSBs listed “Securing Mobile/Portable Computing Devices” as one of their top-three IT security priorities for the next 12 months (a rate comparable to the 34% adoption rate from the previous 12 months).
But when asked about BYOD (bring your own device) policies, where employees use their own mobile devices for business purposes, the survey uncovered a perception-gap based on company size.
When surveying attitudes towards technology trends, 28% of VSBs agreed that BYOD introduces an increased IT security risk to their business. But large businesses and enterprises had a response rate that was nearly twice the VSB response, with 52% and 48% respectively agreeing about the risks presented by BYOD. Is it possible that VSBs are overlooking employee-owned mobile devices as a security risk?
This seems like a particularly troubling possibility, given that VSBs and their limited budgets are most likely to view employee-owned devices as a cost-savings measure and gladly welcome these devices onto their networks.
Common threats from employee-owned mobile devices include malware or rouge applications connecting to the company’s network via the employee’s device, or company data disappearing along with a lost or stolen employee device.
Realising that most VSBs lack the budget and technical sophistication for advanced mobile security solutions, small businesses can still use mobile technology – including employee-owned devices – without a huge investment of time or money. A mixture of common-sense and the right technology can go a long way to securing mobile devices, and help the owners of a start-up get back to running their business:
* Employee education – the first lines of protecting your business data are employees with security mind-sets. Make sure new employees know that if their smartphones or tablets contain workplace information, that device shouldn’t be subjected to unnecessarily risky usage habits (e.g., browsing questionable websites), and if the device is lost or stolen, it should be reported immediately to the employer, not days later.
* Basic anti-theft – an inexpensive piece of software that can remotely-wipe the data from missing or stolen devices is essential. Some devices offer similar functions built-in, and there are many third-party applications that can accomplish this task. But make sure an employee understands that if their device is wiped, that typically means any personal information on the device is deleted as well.
* Avoid complexity – a newly-created start up business with five employees can’t spend hours purchasing, deploying, and managing a business-grade security product that wasn’t built for their purposes. Avoid purchasing a larger product than the business needs, and stick to core mobile security features.
For small businesses looking to learn more about Kaspersky Lab’s mobile security technology, they go to www.kapersky.com and read their Dummies Guide for mobile security and BYOD.
Google is adding its considerable weight to the online security space by giving a rankings boost to sites that go HTTPS. HTTPS means adding an SSL 2048-bit key certificate to a Web site, and thus increasing the security of the site.
As part of ongoing efforts to improve the safety and security of online shoppers, www.bidorbuy.co.za has extended its Buyer Protection Programme to give buyers an additional peace of mind by covering practically all purchases made on the site.
The website of government-owned Public Investment Corporation’s (PIC) – which has more than R1.6 trillion under its management – has been hacked.
The Democratic Alliance (DA), which picked up on the incident, said that a Moroccan based hacker succeeded in breaching the PIC’s online security systems early Sunday morning, disabling the website and potentially gaining unauthorized access to the organisation’s private information.
The party provided a screenshot of the hack, which states: “Hacked By J4r; Gov’s Attacker !Moroccan Haxor”.
Hacked by j4r
Google has also indexed the hack, showing the PIC’s search links with the same text.
PIC hack in Google
“The DA will write to the Minister of Finance, Nhlanhla Nene, requesting urgent clarification on what measures have been taken to protect the integrity of information held by the Public Investment Corporation (PIC) following [the] cyber-attack,” said DA Shadow minister of finance, Dion George.
“This is a serious breach of the organisation’s cyber-security protocols and potentially compromises information on the investor’s operations and the private information of millions of South Africans.”
The PIC is a key driver for investment within the South African economy and is also responsible for managing funds acquired from public servants through the South African Government Employees Pension Fund (GEPF).
The PIC’s top five clients include
The Government Employees Pension Fund (GEPF);
The Unemployment Insurance Fund (UIF);
The Associated Institutions Pension Fund (AIPF);
The Compensation Commissioner: Pension Fund (CCPF);
and the Compensation Commissioner Fund (CC).
The group did not return comment by the time of publication.
We were shocked and horrified to hear that only a couple of months after moving into their new, state-of-the-art offices down Woodmead way, that the Tarsus warehouse was robbed of nearly R9-million worth of stock. Even more shocking was the fact that the gang of nine armed robbers seemed to know exactly what they were doing and looking for when they committed the crime. They ambushed CEO Anton Herbst as he was leaving the premises – later than most – and forced him at gunpoint to use his security clearance to gain access to the areas they had targeted. The robbers concentrated on notebooks and other mobile products – their only misinformation, apparently was when they demanded to know where Tarsus’ cell phone stock was. We’re very glad to report that neither Herbst nor other staff were injured in the robbery, but the very trauma of the incident does not bear thinking about. We hear that some useful images of the gangsters were captured by the company’s CCTV – maybe Tarsus should consider distributing these not only in an attempt to see them brought to justice, but also so that other distributors can be made aware of the potential threats. Threats, we might add, that are commonplace in the South African channel, but which European and US colleagues can never comprehend when you relate such stories.
In the first nine months since the appointment of the Consumer Goods and Services Ombudsman, Advocate Neville Melville, in June 2013, the Consumer Goods and Services Ombud (CGSO) dealt with 4281 cases against retailers and suppliers. Between 1 June 2013 and 31 March 2014, the office closed 71% or 3049 of these cases.
“It is pleasing to note that since opening our doors we have been able to help thousands of consumers resolve disputes with suppliers across a range of sectors,” says Melville. “It shows the need for an independent mediator, outside of the expensive court system, to seek fair resolutions for all parties.”
On average,it took the office 16 days to close a case, although more complicated cases took around 74 days.
“There is no doubt that consumers are becoming more aware of their rights and also more demanding, which leads to more time-consuming cases,” says Melville. “The challenge is in striking the balance between the rights and responsibilities of both consumers and suppliers.”
The furniture sector topped the list of complaints, with 600 complaints lodged during the period. Telecommunications companies followed with 444 complaints; motor vehicles (378); appliances (387);clothing (208) and financial services (166).
The types of complaints received by the office were mostly around the delivery and quality of goods or defects in goods; food safety; incorrect pricing; availability of advertised specials; performance of services; lay-by; and contractual arrangements. Complaints which related to credit and motor vehicle industries were referred to the relevant ombud scheme.
Melville says increasing enquiries about service delivery issues are expected as awareness of the ombud scheme grows.
“It’s been three years since the Consumer Protection Act (CPA) was implemented and businesses have responded by improving their customer service, while consumers are more demanding when it comes to disputes,” he adds. “There has definitely been a step-change in the way that many companies treat their customers, however the response to the CPA differs from industry-to-industry and size of organisation.”
He adds that many big suppliers have come to grips with process of complaints and returns and, with the exception of cell phone companies, are not insisting on are pair instead of a replacement or refund.
“There will always be leaders and it’s now about encouraging others to follow their good example.”
The CGSO was set up in 2013 to reduce the burden of consumer complaints on the National Consumer Commission. Amongst its main work, the CGSO seeks to ensure that suppliers uphold the Code of Conduct for the Consumer Goods and Services Industry, which sets minimum standards of conduct for industry when dealing with consumers.
“The challenge is to raise the standard of conduct amongst suppliers and retailers without endangering the vitality and growth of business,” says Melville.
Meville believes that consumers are also more aware of their rights when it comes to complaining, but says they still tend to cling to the myth that they have a cooling off period in terms of every transaction.
“There is still a need to educate consumers about this in particular and of their responsibilities in general,” explains Melville. “We’re working towards a situation where suppliers appreciate the value of independent third party dispute resolution as an extension of the customer value chain and where customers feel they are getting a fair and equitable deal in the process.”
He emphasises that the growth of social media as a channel for customer engagement– both positive and negative – has spurred many bigger businesses to improve their customer relations.
“Ina connected world, it’s much easier and quicker for negative publicity about the way they handle their customers to impact their reputation and bottom line,”says Melville. “Most sales agreements are now in line with the legislation and most companies have set up the necessary processes and procedures for dealing with consumer complaints.”
But he says that many smaller suppliers remain hostile to CPA. “They seem to be denial or angry when their customers complain.”
He believes that this is driven by the idea that South Africa is a third world country and that businesses cannot afford to implement an advanced consumer rights framework.
The CPA is based on 1979 British legislation and follows other emerging nations such as Botswana, which implemented similar legislation in 2003 and India, in 1986. According to UN, 100 countries have implemented legislation based on the UN Consumer Protection Guidelines.
“It is simply incorrect to say South Africa is ahead of the pack when it comes to consumer rights,” says Melville. “If anything, third world countries where consumers generally have low levels of literacy, low incomes, limited access to courts and who face massively imbalanced bargaining powers are the very people who require protection.”
Concludes Melville: “A less adversarial approach to customer complaints resolution is likely to continue shaping the way suppliers interact with their customers, for the better.”
About the CGSO
The Office of the Consumer Goods and Services Ombud (CGSO) is the consumer goods and services industry’s voluntary Ombud scheme, set up in line with the Consumer Protection Act.
The CGSO enforces the Consumer Goods and Services Industry Code of Conduct by receiving and dealing with consumer goods complaints by a consumer free of charge and investigating alleged contraventions.
On 28 October 2013, 50/50 broadcast a feature on SABC 2 regarding Rhino Force, a commercial company that donates a percentage of profit from the sale of beaded bracelets to rhino conservation. Attorney Andrew Boerner of Jurgens Bekker Attorneys lodged a complaint against SABC 2 with the Broadcasting Complaints Commission of South Africa (BCCSA) on behalf of Rhino Force.
The BCCSA ruled that SABC 2 was in contravention of Clause 12 and 13 of the BCCSA Free to Air Code stating in the judgment that:
Boerner stated: “The programme portrayed our client as dishonest. It was always our opinion that 50|50 were in breach of the BCCSA’s Code of Conduct. They presented a programme in which controversial issues were discussed, without making reasonable efforts to fairly present all the facts and our clients’ opposing points of view.
They also created an impression of dishonesty that was not based on facts. It is most pleasing that the BCCSA has vindicated our client and the complaint against 50/50, SABC 2 has been reprimanded and the complaint upheld.
50|50, despite being an environmental programme, entered into the world of investigative journalism without thoroughly investigating. They were found to be in breach of the Code of Conduct and have been reprimanded accordingly. We trust that lessons have been learnt by 50|50 and its producers and that they will exercise caution in their future reporting. The errors of fact, together with the omission of relevant material, meant that the SABC 2 and 50|50 had no justification for such a programme within the ambit of the BCCSA Code. Dwindling viewership is no excuse for incorrect reporting and irresponsible journalism.”
Joanne Lapin Thorpe, CEO of The Bead Coalition, owner of the Rhino Force brand says, “The rhino issue is highly emotive, and stirs the hearts and minds of millions. The scrutiny and investigation of commercial organizations donating millions to rhino conservation should be handled honestly, respectfully and responsibly. In this instance rhino conservation should have superceded 50|50’s hidden agendas and ill-intended sensationalism. 50|50’s factually incorrect and defamatory broadcast regarding Rhino Force has threatened rhinos greatest hope, the consumer. With 419 rhinos already lost to illegal poaching this year, Rhino Force will fiercely accelerate efforts to save rhinos with their iconic red, black and white beaded bracelet, a simple accessory that has become a world best-seller and a global symbol of rhino conservation. Over 700,000 people proudly wear the bracelet, including HRH Prince Harry. A massive R5,264,690.21 has been raised and donated to rhino conservation by Rhino Force, including the facilitation of R1,080,000.00 for rhino relocation to Botswana. We thank the BCCSA for our vindication.”
To learn more and to read the full BCCSA judgement visit:
Issued by The Bead Coalition
About The Bead Coalition
The Bead Coalition [Pty] Ltd is a commercial business based in Johannesburg. The organization’s bespoke accessory range include beaded items hand made by previously unemployed communities in rural South Africa and sold to the world. Cause themed accessories such as the rhino bracelet raise awareness and funds, making significant environmental, conservational change. Other bracelets include OCEAN, CYCLE, LITERACY, HERITAGE, MOTOR NEURON DISEASE and HIV. www.beadcoalition.com
Die Burger said Herman Pretorius, a businessman from Welgemoed had used R40m of his own money to pay out dividends to investors and had launched a private investigation into his former business partner, Julian Williams’s transactions.
Williams and Pretorius apparently had an argument in Pretorius’s office in the Cape Town CBD and both died in a shooting shortly afterwards.
There was speculation that Williams was shot first and that Pretorius then committed suicide but this had not yet been confirmed by police.
An expert, who didn’t want to be identified and who was helping Pretorius with his investigation, told reporters: “In my view, things weren’t done right. I suggested a forensic audit to him and told him to appoint a strong auditing firm.”
Moneyweb had reported in June that Pretorius had invested the money of selected investors from Moorreesburg, Porterville, Hopefield, Malmesbury, Riversdal and Durbanville.
Williams was the CEO of Basileus Capital.
A recent survey by PricewaterhouseCoopers (PwC) reveals crime is increasing in South Africa.
Titled the ‘2014 Global Economic Crime Survey’ it was conducted among 134 respondents from organisations in 17 industry sectors.
The report outlines how economic crime is a serious concern for South African companies, and 69% of respondents say they have experienced some form of economic crime in the last 24 months. The global average is 37% – an increase of 3% since the last report was released in 2011, compared to a 9% increase in South Africa.
The types of economic crime experienced by South Africans are:
Asset misappropriation 77% (globally 69%);
Procurement fraud 59% (29%);
Bribery and corruption 52% (27%);
Human resources fraud 42% (15%);
Financial-statement fraud 35% (22%);
Cybercrime 26% (24%);
Money-laundering 14% (11%);
Tax fraud 11% (6%); and,
Illegal insider trading 9% (5%).
Other types of crime reported include market fraud involving price fixing (8% vs 5%); intellectual property infringement, including data theft (7% vs 8%); mortgage fraud (4% v 7%); and espionage (3% locally and globally).
According to corruptionwatch.org.za, the fastest-growing economic crime category in South Africa is bribery and corruption, which together with procurement and human resources fraud as well as financial statement fraud, sets local organisations above their global counterparts – and not in a good way. Bribery and corruption has risen from 42% to 59% since the last survey.
Just over half (52%) of South African respondents reported bribery. And with numerous South African companies expanding into Africa and abroad, bribery and corruption may pose a significant threat to them, especially if they do business in the US or UK. This is because offences are often pursued by regulators across borders through far-reaching laws such as the US Foreign Corrupt Practices Act and the UK Bribery Act.
Procurement fraud, another of Corruption Watch’s focus areas, was experienced by 59% of South African respondents during the past 24 months, compared to only 29% of global respondents. Locally, the most vulnerable step in the procurement process is vendor selection, but other areas such as the invitation to bid, drawing up the contract, and the payment process are also targeted.
The PwC survey reports that formal fraud risk management programmes have become the most effective fraud detection method, but that risk assessments are a neglected area of doing business in South Africa.
In addition, 82% of South African respondents (against 62% globally) indicate that their organisations have implemented a formal whistle-blowing system. However, the survey also finds that the effectiveness of whistle-blowing mechanisms has decreased over the years, but it does reveal an increase in the number of crimes detected by accident.
And once the crime has been sniffed out, more South African companies (82% versus 49% globally) hand the case over to law-enforcement agents to deal with internal culprits.
The following crime tips have been developed by the SAPS and Business Against Crime South Africa:
1. Cash Management
Shops should keep the amount of cash on hand to a minimum and there should be highly visible signs that indicate this.
Set a maximum amount of cash that should be available in the tills and try not to exceed this amount.
During busy periods the cash tills needs to be checked regularly to ensure that they have not exceeded their limit.
Remove excess cash from the register/s and secure this cash in a drop safe or secure safe not accessible to the public.
Ensure that banking is done regularly and do not allow large amounts of cash to be kept on the premises.
Do not count money from the cash register on the service counter/s where everyone can see.
Where the shop does not have a dedicated cash oice, prepare cash for banking in a secure part of the store which is not accessible to the
Do banking on a daily basis, to restrict the amount of cash in the tills.
Vary the times of banking.
Do not display that you are on your way to the bank.
2. When using private security services
The security guards should be rotated.
Insist that guards are vetted on a regular basis.
Use the services of reputable guarding companies. Ensure that the security company is registered with PSIRA.
3. Controlled entrances
Ensure that the premises are not overcrowded.
Restrict movement at the entrance and exits.
Install the best security you can afford. For example, security gates on entrance to the premises and back doors. Keep these gates locked and fix a door viewer to the gate and an automatic door opener or latch chain.
If you have a firearm make sure it is secured and that you have a safe on the premises.
Ensure you stay out of reach of this security gate to prevent someone grabbing you through the closed gate.
4. Be alert during opening and closing times
Request to be accompanied by Security staff if available.
Work in pairs to prevent being overpowered or surprised e.g. When taking out trash.
6. Persons entering the premise
Train staff to ask for identification and to call for verification before allowing entrance to the premises.
Always check the identity of people who visit you shop for deliveries or other business reasons.
Verify and keep staff aware of all maintenance being done.
Insist on verification of personnel employed by builders and maintenance companies.
7. Proper identification of staff employed (even temporary staff)
Verify that the person to be employed stays at the address given as the residential address.
Ensure that a copy of the original identification document is obtained from all people employed.
Obtain and verify contact details of close friends and relatives of the person employed.
Regretfully, My Office magazine’s own Wendy Dancer was a recent victim of an attempted hijacking. While she did manage to get away unscathed, it pays to be prepared:
Keep vehicle windows closed when approaching a robot, and be vigilant at all times, especially at night.
Do not wear jewellery when going out shopping, rather leave it at home in a safe.
Always check that your vehicle’s doors are locked before walking away from the vehicle.
Make sure your valuables are stored out of sight before driving off.
Try to park in paid parking areas where there are security guards.
Test your tracking device to ensure it is in good working order.
Always leave your window approx. 5cm open – if the window is totally closed, it is easier for them to break!
Always put your bag under the passenger seat or in the boot – never grab for it when you are getting out the car when being hijacked he will think you are reaching for a gun and shoot you.
Don’t use petrol stations after 9pm – they are now hijacking there too.
Always keep your cell clipped to your belt so when you are out of the car you can call for help.
Be more aware – count the number of cars around you, the number of people in groups etc. then you will know exactly when one is missing!
Don’t race to the robot if it is red – you get hijacked only when the car is stationary – rather glide to the red robot, so there is only a short time until the robot turns green.
Be very aware when going under bridges – they drop stones onto your windscreen etc. forcing you to stop.
When the gun is put to your window – put both hands up facing him – always allow him to see your hands otherwise he thinks you are looking around for a gun and will shoot you.
Be aware of where the police station is in your work /home area. If a “cop” wants to pull you over drive to the police station first – maybe he is not a cop.
The human body takes 21 days to kick into a habit – therefore, don’t give up on being aware, persist for at least 21 days.
Report all crime to the shop-sa Crime Alert number on Jhb: 011 7810372 or CT: 0217901209