Botnets: robots to avoid

Malware has been around in some form for over 40 years, but the use of malware to take control of a group of computers that are then organised into something called a botnet is more than a 21st century phenomenon, says Carey van Vlaanderen, CEO of ESET Southern Africa.

Continue reading

The South African Council of Shopping Centres, the Consumer Goods Council of South Africa, Business against Crime South Africa, the South African Police Service, retailers and shopping centre owners/managers have formed an anti-crime collaborative forum to stem the recent spate of shopping centre robberies which have plagued Gauteng.

Continue reading

Very small businesses (VSBs) with fewer than 25 employees have the same rate of mobile device adoption as large enterprises. However, most VSBs lack the security awareness, technical expertise, and budget needed to properly protect company-issued or employee-owned (BYOD) mobile devices.

A Kaspersky Lab survey asked 3 900 IT professionals worldwide about IT challenges they encountered over the previous 12 months, and 34% of VSBs said they had managed the integration of mobile devices into their business.
What’s noteworthy is this rate is nearly identical to the rate of mobile integration reported by enterprises, which was 35%.

This means the smallest companies in the world are adopting mobile technology at essentially the same rate as huge companies with more than 5 000 employees. In fact, VSBs actually reported a higher rate of mobile adoption than small businesses with 26 to 99 employees, as well as large businesses with 1 500 to 5 000 employees.

VSBs reported 6% more mobile integration than small businesses (defined as 26 to 99 employees), and 2% more than large businesses (defined as 1 500 to 5 000 employees). These statistics certainly cast doubt on any perceptions that VSBs are confined to antiquated technology or slow to invest in IT.

Mobile technology may not be restricted to businesses based on their size, but there are other key factors to consider. Expertise and resources are the most obvious limitations of VSBs, which frequently don’t have dedicated IT staff to manage technology implementations.

These limitations may lead to a knowledge gap even amongst security-minded business owners. For example, 31% of VSBs listed “Securing Mobile/Portable Computing Devices” as one of their top-three IT security priorities for the next 12 months (a rate comparable to the 34% adoption rate from the previous 12 months).

But when asked about BYOD (bring your own device) policies, where employees use their own mobile devices for business purposes, the survey uncovered a perception-gap based on company size.

When surveying attitudes towards technology trends, 28% of VSBs agreed that BYOD introduces an increased IT security risk to their business. But large businesses and enterprises had a response rate that was nearly twice the VSB response, with 52% and 48% respectively agreeing about the risks presented by BYOD. Is it possible that VSBs are overlooking employee-owned mobile devices as a security risk?

This seems like a particularly troubling possibility, given that VSBs and their limited budgets are most likely to view employee-owned devices as a cost-savings measure and gladly welcome these devices onto their networks.
Common threats from employee-owned mobile devices include malware or rouge applications connecting to the company’s network via the employee’s device, or company data disappearing along with a lost or stolen employee device.

Realising that most VSBs lack the budget and technical sophistication for advanced mobile security solutions, small businesses can still use mobile technology – including employee-owned devices – without a huge investment of time or money. A mixture of common-sense and the right technology can go a long way to securing mobile devices, and help the owners of a start-up get back to running their business:

* Employee education – the first lines of protecting your business data are employees with security mind-sets. Make sure new employees know that if their smartphones or tablets contain workplace information, that device shouldn’t be subjected to unnecessarily risky usage habits (e.g., browsing questionable websites), and if the device is lost or stolen, it should be reported immediately to the employer, not days later.

* Basic anti-theft – an inexpensive piece of software that can remotely-wipe the data from missing or stolen devices is essential. Some devices offer similar functions built-in, and there are many third-party applications that can accomplish this task. But make sure an employee understands that if their device is wiped, that typically means any personal information on the device is deleted as well.

* Avoid complexity – a newly-created start up business with five employees can’t spend hours purchasing, deploying, and managing a business-grade security product that wasn’t built for their purposes. Avoid purchasing a larger product than the business needs, and stick to core mobile security features.

For small businesses looking to learn more about Kaspersky Lab’s mobile security technology, they go to www.kapersky.com and read their Dummies Guide for mobile security and BYOD.

PIC website hacked

The website of government-owned Public Investment Corporation’s (PIC) – which has more than R1.6 trillion under its management – has been hacked.

The Democratic Alliance (DA), which picked up on the incident, said that a Moroccan based hacker succeeded in breaching the PIC’s online security systems early Sunday morning, disabling the website and potentially gaining unauthorized access to the organisation’s private information.

The party provided a screenshot of the hack, which states: “Hacked By J4r; Gov’s Attacker !Moroccan Haxor”.

Hacked by j4r

Google has also indexed the hack, showing the PIC’s search links with the same text.

PIC hack in Google

“The DA will write to the Minister of Finance, Nhlanhla Nene, requesting urgent clarification on what measures have been taken to protect the integrity of information held by the Public Investment Corporation (PIC) following [the] cyber-attack,” said DA Shadow minister of finance, Dion George.

“This is a serious breach of the organisation’s cyber-security protocols and potentially compromises information on the investor’s operations and the private information of millions of South Africans.”

The PIC is a key driver for investment within the South African economy and is also responsible for managing funds acquired from public servants through the South African Government Employees Pension Fund (GEPF).

The PIC’s top five clients include

The Government Employees Pension Fund (GEPF);

The Unemployment Insurance Fund (UIF);

The Associated Institutions Pension Fund (AIPF);

The Compensation Commissioner: Pension Fund (CCPF);

and the Compensation Commissioner Fund (CC).

The group did not return comment by the time of publication.

Platinum:

         

Gold:


Silver:

           

Follow us on social media: 

               

View our magazine archives: 

                       


My Office News Ⓒ 2017 - Designed by A Collective


SUBSCRIBE TO OUR NEWSLETTER
Top