Botnets: robots to avoid

Malware has been around in some form for over 40 years, but the use of malware to take control of a group of computers that are then organised into something called a botnet is more than a 21st century phenomenon, says Carey van Vlaanderen, CEO of ESET Southern Africa.

Continue reading

The South African Council of Shopping Centres, the Consumer Goods Council of South Africa, Business against Crime South Africa, the South African Police Service, retailers and shopping centre owners/managers have formed an anti-crime collaborative forum to stem the recent spate of shopping centre robberies which have plagued Gauteng.

Continue reading

Very small businesses (VSBs) with fewer than 25 employees have the same rate of mobile device adoption as large enterprises. However, most VSBs lack the security awareness, technical expertise, and budget needed to properly protect company-issued or employee-owned (BYOD) mobile devices.

A Kaspersky Lab survey asked 3 900 IT professionals worldwide about IT challenges they encountered over the previous 12 months, and 34% of VSBs said they had managed the integration of mobile devices into their business.
What’s noteworthy is this rate is nearly identical to the rate of mobile integration reported by enterprises, which was 35%.

This means the smallest companies in the world are adopting mobile technology at essentially the same rate as huge companies with more than 5 000 employees. In fact, VSBs actually reported a higher rate of mobile adoption than small businesses with 26 to 99 employees, as well as large businesses with 1 500 to 5 000 employees.

VSBs reported 6% more mobile integration than small businesses (defined as 26 to 99 employees), and 2% more than large businesses (defined as 1 500 to 5 000 employees). These statistics certainly cast doubt on any perceptions that VSBs are confined to antiquated technology or slow to invest in IT.

Mobile technology may not be restricted to businesses based on their size, but there are other key factors to consider. Expertise and resources are the most obvious limitations of VSBs, which frequently don’t have dedicated IT staff to manage technology implementations.

These limitations may lead to a knowledge gap even amongst security-minded business owners. For example, 31% of VSBs listed “Securing Mobile/Portable Computing Devices” as one of their top-three IT security priorities for the next 12 months (a rate comparable to the 34% adoption rate from the previous 12 months).

But when asked about BYOD (bring your own device) policies, where employees use their own mobile devices for business purposes, the survey uncovered a perception-gap based on company size.

When surveying attitudes towards technology trends, 28% of VSBs agreed that BYOD introduces an increased IT security risk to their business. But large businesses and enterprises had a response rate that was nearly twice the VSB response, with 52% and 48% respectively agreeing about the risks presented by BYOD. Is it possible that VSBs are overlooking employee-owned mobile devices as a security risk?

This seems like a particularly troubling possibility, given that VSBs and their limited budgets are most likely to view employee-owned devices as a cost-savings measure and gladly welcome these devices onto their networks.
Common threats from employee-owned mobile devices include malware or rouge applications connecting to the company’s network via the employee’s device, or company data disappearing along with a lost or stolen employee device.

Realising that most VSBs lack the budget and technical sophistication for advanced mobile security solutions, small businesses can still use mobile technology – including employee-owned devices – without a huge investment of time or money. A mixture of common-sense and the right technology can go a long way to securing mobile devices, and help the owners of a start-up get back to running their business:

* Employee education – the first lines of protecting your business data are employees with security mind-sets. Make sure new employees know that if their smartphones or tablets contain workplace information, that device shouldn’t be subjected to unnecessarily risky usage habits (e.g., browsing questionable websites), and if the device is lost or stolen, it should be reported immediately to the employer, not days later.

* Basic anti-theft – an inexpensive piece of software that can remotely-wipe the data from missing or stolen devices is essential. Some devices offer similar functions built-in, and there are many third-party applications that can accomplish this task. But make sure an employee understands that if their device is wiped, that typically means any personal information on the device is deleted as well.

* Avoid complexity – a newly-created start up business with five employees can’t spend hours purchasing, deploying, and managing a business-grade security product that wasn’t built for their purposes. Avoid purchasing a larger product than the business needs, and stick to core mobile security features.

For small businesses looking to learn more about Kaspersky Lab’s mobile security technology, they go to and read their Dummies Guide for mobile security and BYOD.

PIC website hacked

The website of government-owned Public Investment Corporation’s (PIC) – which has more than R1.6 trillion under its management – has been hacked.

The Democratic Alliance (DA), which picked up on the incident, said that a Moroccan based hacker succeeded in breaching the PIC’s online security systems early Sunday morning, disabling the website and potentially gaining unauthorized access to the organisation’s private information.

The party provided a screenshot of the hack, which states: “Hacked By J4r; Gov’s Attacker !Moroccan Haxor”.

Hacked by j4r

Google has also indexed the hack, showing the PIC’s search links with the same text.

PIC hack in Google

“The DA will write to the Minister of Finance, Nhlanhla Nene, requesting urgent clarification on what measures have been taken to protect the integrity of information held by the Public Investment Corporation (PIC) following [the] cyber-attack,” said DA Shadow minister of finance, Dion George.

“This is a serious breach of the organisation’s cyber-security protocols and potentially compromises information on the investor’s operations and the private information of millions of South Africans.”

The PIC is a key driver for investment within the South African economy and is also responsible for managing funds acquired from public servants through the South African Government Employees Pension Fund (GEPF).

The PIC’s top five clients include

The Government Employees Pension Fund (GEPF);

The Unemployment Insurance Fund (UIF);

The Associated Institutions Pension Fund (AIPF);

The Compensation Commissioner: Pension Fund (CCPF);

and the Compensation Commissioner Fund (CC).

The group did not return comment by the time of publication.

Re-Distribution… SA-style

We were shocked and horrified to hear that only a couple of months after moving into their new, state-of-the-art offices down Woodmead way, that the Tarsus warehouse was robbed of nearly R9-million worth of stock. Even more shocking was the fact that the gang of nine armed robbers seemed to know exactly what they were doing and looking for when they committed the crime. They ambushed CEO Anton Herbst as he was leaving the premises – later than most – and forced him at gunpoint to use his security clearance to gain access to the areas they had targeted. The robbers concentrated on notebooks and other mobile products – their only misinformation, apparently was when they demanded to know where Tarsus’ cell phone stock was. We’re very glad to report that neither Herbst nor other staff were injured in the robbery, but the very trauma of the incident does not bear thinking about. We hear that some useful images of the gangsters were captured by the company’s CCTV – maybe Tarsus should consider distributing these not only in an attempt to see them brought to justice, but also so that other distributors can be made aware of the potential threats. Threats, we might add, that are commonplace in the South African channel, but which European and US colleagues can never comprehend when you relate such stories.

In the first nine months since the appointment of the Consumer Goods and Services Ombudsman, Advocate Neville Melville, in June 2013, the Consumer Goods and Services Ombud (CGSO) dealt with 4281 cases against retailers and suppliers. Between 1 June 2013 and 31 March 2014, the office closed 71% or 3049 of these cases.


“It is pleasing to note that since opening our doors we have been able to help thousands of consumers resolve disputes with suppliers across a range of sectors,” says Melville. “It shows the need for an independent mediator, outside of the expensive court system, to seek fair resolutions for all parties.”

On average,it took the office 16 days to close a case, although more complicated cases took around 74 days.

“There is no doubt that consumers are becoming more aware of their rights and also more demanding, which leads to more time-consuming cases,” says Melville. “The challenge is in striking the balance between the rights and responsibilities of both consumers and suppliers.”

The furniture sector topped the list of complaints, with 600 complaints lodged during the period. Telecommunications companies followed with 444 complaints; motor vehicles (378); appliances (387);clothing (208) and financial services (166).

The types of complaints received by the office were mostly around the delivery and quality of goods or defects in goods; food safety; incorrect pricing; availability of advertised specials; performance of services; lay-by; and contractual arrangements. Complaints which related to credit and motor vehicle industries were referred to the relevant ombud scheme.

Melville says increasing enquiries about service delivery issues are expected as awareness of the ombud scheme grows.

“It’s been three years since the Consumer Protection Act (CPA) was implemented and businesses have responded by improving their customer service, while consumers are more demanding when it comes to disputes,” he adds. “There has definitely been a step-change in the way that many companies treat their customers, however the response to the CPA differs from industry-to-industry and size of organisation.”

He adds that many big suppliers have come to grips with process of complaints and returns and, with the exception of cell phone companies, are not insisting on are pair instead of a replacement or refund.

“There will always be leaders and it’s now about encouraging others to follow their good example.”

The CGSO was set up in 2013 to reduce the burden of consumer complaints on the National Consumer Commission. Amongst its main work, the CGSO seeks to ensure that suppliers uphold the Code of Conduct for the Consumer Goods and Services Industry, which sets minimum standards of conduct for industry when dealing with consumers.

“The challenge is to raise the standard of conduct amongst suppliers and retailers without endangering the vitality and growth of business,” says Melville.

Meville believes that consumers are also more aware of their rights when it comes to complaining, but says they still tend to cling to the myth that they have a cooling off period in terms of every transaction.

“There is still a need to educate consumers about this in particular and of their responsibilities in general,” explains Melville. “We’re working towards a situation where suppliers appreciate the value of independent third party dispute resolution as an extension of the customer value chain and where customers feel they are getting a fair and equitable deal in the process.”

He emphasises that the growth of social media as a channel for customer engagement– both positive and negative – has spurred many bigger businesses to improve their customer relations.

“Ina connected world, it’s much easier and quicker for negative publicity about the way they handle their customers to impact their reputation and bottom line,”says Melville. “Most sales agreements are now in line with the legislation and most companies have set up the necessary processes and procedures for dealing with consumer complaints.”

But he says that many smaller suppliers remain hostile to CPA. “They seem to be denial or angry when their customers complain.”

He believes that this is driven by the idea that South Africa is a third world country and that businesses cannot afford to implement an advanced consumer rights framework.

The CPA is based on 1979 British legislation and follows other emerging nations such as Botswana, which implemented similar legislation in 2003 and India, in 1986. According to UN, 100 countries have implemented legislation based on the UN Consumer Protection Guidelines.

“It is simply incorrect to say South Africa is ahead of the pack when it comes to consumer rights,” says Melville. “If anything, third world countries where consumers generally have low levels of literacy, low incomes, limited access to courts and who face massively imbalanced bargaining powers are the very people who require protection.”

Concludes Melville: “A less adversarial approach to customer complaints resolution is likely to continue shaping the way suppliers interact with their customers, for the better.”


About the CGSO

The Office of the Consumer Goods and Services Ombud (CGSO) is the consumer goods and services industry’s voluntary Ombud scheme, set up in line with the Consumer Protection Act.

The CGSO enforces the Consumer Goods and Services Industry Code of Conduct by receiving and dealing with consumer goods complaints by a consumer free of charge and investigating alleged contraventions. 

Follow us on social media: 


View our magazine archives: 


My Office News Ⓒ 2017 - Designed by A Collective