Two years after the European Union released strict data security rules through the General Data Protection Regulation (GDPR), the South African Protection of Personal Information Act (POPIA) entered the local landscape. Released on 1 July 2020, the new additions in the Act now holds companies more accountable for safeguarding consumer data.

Digitalization will unlock numerous advantages for companies. However, without hyper-secure infrastructures, networks, hosting and endpoints in place, the risks for cyber-attacks are simply too high. To add insult to injury, research by Kaspersky revealed that 46% of cyber incidents are due to human error. Cyber security is a multifaceted approach and key to this is the regular and ongoing online safety training of the workforce.

Some of the topics these training sessions should include are:

The threats

Terminology like malware, phishing, spear-phishing, whaling, ransomware and viruses could seem irrelevant to your employees, or only as something the IT department needs to worry about. Ensure your training material includes relevant and practical examples of what these threats look like and how one careless click could cause damage to the business.

The basics

Yes, make sure your material covers and emphasises the basics, including safe online browsing, shopping and downloads. What might seem obvious to some, may not be known to everyone. Viruses are often disguised as harmless apps or helpful programs. Online safety via mobile devices and proper password creation and storage should be diligently observed as well.

The social connection

Hackers are extremely talented in the art of social engineering. They use social media platforms to befriend and obtain personal information with which to feed fraudulent activity. As many employees indicate their place of work on their profiles and access social media platforms at the office, the social angle of cyber security is very important and should be addressed.

The use of unauthorised USBs and external hard drives should be strictly prohibited due to the risks involved. The significance of doing so should be highlighted.

Inappropriate use of company IT resources

It is very important to discuss in detail what the inappropriate use of company IT resources entails. This should in fact form part of the company’s policy and in failing to comply employees need to be brought to task, so as to understand the severity.

Cyber security starts at the foundation of your company’s network, its hosting, all the way through to every employee you hire. There are industry leading and secure hosting solutions, antivirus software and SSL certificates available to ensure your cyber safety, and a reliable hosting provider should be able to assist you to ensure that your online business has the right level of security.