NINETY-FIVE percent of cyber breaches were reported in only three areas in 2016 -- government, retail and technology.
This does not mean these three are less diligent.
But they are popular targets because they keep high levels of personal information in their records.
Most of these cybersecurity breaches are due to human error.
Cyber-criminals and hackers infiltrate organisations through their weakest links, which are mostly not in the ICT departments.
An estimated 54% of Zimbabwe's companies say they have experienced one or more attacks in the last 12 months.
There is now a need for Zimbabwean companies to train their employees to protect themselves from cyberattacks.
It is crucial to establish clear policies and guidelines for all company employees to follow. These policies can help create a culture of securit-y awareness and minimise the risk of cyber threats.
- Mavhunga puts DeMbare into Chibuku quarterfinals
- Bulls to charge into Zimbabwe gold stocks
- Ndiraya concerned as goals dry up
- Letters: How solar power is transforming African farms
Some essential cyber policies to share with all employees include:
Acceptable use policy (AUP)
It outlines what is considered acceptable and unacceptable use of company resources, including computers, networks, and internet access.
It should address guidelines for personal use, prohibited activities such as downloading unauthorised software or accessing inappropriate websites, and consequences for policy violations.
The password policy
It defines strong password requirements, such as minimum length, complexity and regular password changes.
It should also emphasise the importance of not sharing passwords and using unique passwords for different accounts.
This policy outlines how different types of data should be classified based on sensitivity (eg public, internal, confidential).
It specifies the appropriate handling procedures for each classification, including access controls, encryption requirements, and data retention guidelines.
Bring your own device
If your organisation allows employees to use their personal devices for work purposes, a BYOD policy is crucial.
It should address security requirements for personal devices, such as installing necessary security software, keeping devices updated, and guidelines for accessing company resources securely.
Email, communication policy
This policy focuses on best practices for email usage and other communication channels.
It should address topics like avoiding suspicious attachments or links, being cautious about phishing attempts, not sharing sensitive information through unsecured channels, and guidelines for social engineering prevention.
Remote work policy
With the rise of remote work, it is important to have a policy that outlines security measures for employees working outside the office.
This policy should cover topics like secure remote access, using virtual private networks (VPNs), securing home Wi-Fi networks, and physical security of work devices.
Incident reporting policy
Employees should be aware of the procedures for reporting security incidents or suspicious activities promptly.
This policy should define what constitutes an incident, how and whom to report to, and the importance of timely reporting to mitigate potential damages.
Security awareness training
Regular security awareness training sessions should be conducted to educate employees about current cybersecurity threats, best practices, and emerging trends.
Training can cover topics like phishing awareness, social engineering, password hygiene, and safe browsing habits.
Cybersecurity is now a global priority as cybercrime and digital threats grow in frequency and complexity.
However, one of the major obstacles to preventing cybercrime is the cybersecurity workforce shortage and lack of new professionals in this industry.
Therefore it is important to have these policies regularly reviewed, updated, and communicated to employees.
Additionally, ensure that employees acknowledge and understand these policies by requesting them to sign an acknowledgment form.
It is clear that businesses are under a constant threat of cybercrime and must take steps to defend themselves.
Do not wait until it is too late.
Take steps today to prevent future data breaches and the consequences that follow.
- Mutisi is the CEO of Hansole Investments (Pvt) Ltd. He is the current chairperson of Zimbabwe Information & Communication Technology, a division of Zimbabwe Institution of Engineers.