Cybercrime is not only rampant in South Africa, but could soon pose a significant threat to every economy, business, and person in the world. For example, the data breach at South African insurer Liberty in June this year demonstrates how vulnerable companies are to cybercrimes. Liberty admitted [1] that hackers infiltrated its IT system and stole customer data. The hackers threatened to reveal the data if a ransom was not paid [2]. In another breach targeting the government, 934,000 personal records were made public online [3].
Cybercriminals focus their efforts on a common vulnerability found in security systems: people. In a report on cybercrime and cybersecurity trends in Africa, cybersecurity provider Symantec reported that one in every 214 emails sent in South Africa was a spear phishing attack, which is the fraudulent practice of sending emails purporting to be from a known or trusted sender [4]. In South Africa, one in three cybercrime attacks sought access to businesses by deceiving people.
The rise of flexible workforces is directly linked to the proliferation of cybercrimes. A new era of employees who use their own computers and devices for both their personal and professional lives has provided cybercriminals unprecedented opportunities to breach systems. This Bring Your Own Device (BYOD) era places businesses at risk because flexible workforces are not subject to the same security protocols as other employees, which means in some cases, those workers—and their technologies—can bypass firewalls, password protections, and other security measures. Simply opening a nefarious email can provide hackers access to a company’s infrastructure.
Many businesses have inadequate IT security policies in place, particularly policies that account for human fallibility, and have employees who view security measures as a barrier rather than an enabler for business. With employees at the heart of these vulnerabilities, HR professionals must play a greater role in combating cybercrimes by following these steps:
Keep abreast of security policies
HR professionals in South Africa should fully understand the Protection of Personal Information Act (PoPIA). This act legally requires local businesses to ensure that all client, supplier and employee information is stored, processed and destroyed in a manner that upholds the privacy and protection of personal data. This includes protecting sensitive employee data from falling into the wrong hands.
Most markets have similar security policies and protocols. Regardless of where in the world you are based, it’s important to familiarize yourself with them.
Address the potential risks posed by employees
The 2017 IBM X-Force Threat Intelligence Index revealed that 60% of cyber-attacks are the result of internal activities [5]. HR professionals must educate employees about the risks of cybercrimes and implement policies and procedures for employees who do not adhere to the rules.
Define the rules when working from home
The continued rise of the BYOD era is inevitable. The 2018 Mercer Global Talent Trends report noted that 82% of executives say that flexible workforces are essential to their core business operations [6]. HR professionals need to ensure that the right policies are in place to enable this trend to evolve within a South African context. Employees should understand the need to keep their security software up to date at all times—including when working from home.
Over the next five years, cybercrimes are projected to cost businesses US$8 trillion. Businesses that fail to address the severity and inevitability of cyber attacks are not fulfilling their professional—and now legal—obligations to their employees and customers. By embedding policies and rules to manage the era of BYOD and educating employees about the sophisticated tactics criminals use in the digital age, HR professionals can play an integral role in limiting exposure to risk and costly security breaches.