Issues and concerns around cyber security are a persistent topic of conversation; this is for very good reason, according to Marthinus Pretorius, Risk Management & Compliance Officer at e4, who says a little paranoia is healthy and even necessary when it comes to protecting valuable business information.
However, simply adding arbitrary security measures just because others are doing so may not be the best approach. "When we add cyber security measures, it is vital to ensure that the chosen solution is the right one, and is effective in preventing, or at least minimising, vulnerability," Pretorius explains.
A large part of discussions around cyber security is around encryption, and under what circumstances files should be encrypted. "There are many ways to determine what to encrypt in business, but it is always best to assess the business reason to encrypt information. Just as important is the question of when not to encrypt. Adding broad encryption over all information can lead to loss in performance and spending more money on technologies than is needed."Pretorius adds consideration should be given towards the purpose of the information in question, which legal requirements apply and whether the information has the potential to cause reputational damage to one's own organisation or that of a client.
As for encryption in the cloud, it is imperative that due diligence is done to ensure the prospective provider is certified for security and has a good reputation for being security conscious. "A secure provider will openly offer the measures they have taken to mitigate risk and will always be transparent about their current state of security," Pretorius notes. "That said, extremely sensitive information should not be stored in the cloud without the highest level of security measures in place. It's best to keep in mind that security is never absolute."
For businesses looking to improve security and mitigate risk, the sheer number of various technologies and algorithms available can make choosing the right solution a daunting task. Pretorius says reputable security professionals will be fully up to date on which cyphers are weak, and which algorithms can be circumvented.
In addition to having the correct levels of encryption, once the POPI Act and its regulations come into effect, businesses will need to ensure compliance. "While POPI itself not prescriptive in that it states encryption is a requirement; the Act does call for reasonable security measures. Again, it is important to choose what to encrypt to make sure all organisational security measures work in harmony.
"Security is an ongoing, ever-changing field; improve your measures at the appropriate levels for your business to balance the risks and make it work for you, rather than just doing what the masses say," concludes Pretorius.
e4 is an innovative specialist provider of electronic technology solutions and services. Providing customers with custom-built software solutions and services, e4 focuses on ensuring business processes are streamlined, electronic and strategic in its approach.
The end-to-end service offering includes full management support throughout the service life cycle and is supported by a 24-hour availability policy.
The introduction of Convergence Partners and Stockdale Street as new investors in April 2016 has enabled the e4 Group to accelerate growth through new product and services development, and further expand its geographic footprint.
Convergence Partners is an investment management firm focused on the technology, media and telecommunications (TMT) sector in Africa. It has a proven track record of developing new investment opportunities as well as adding value to investments across the entire life cycle of ICT assets. Stockdale Street manages the Oppenheimer family's South African private equity interests investments, alongside strong management teams in established companies that have sustainable competitive advantages and favourable growth prospects.
e4 and its subsidiaries employs over 400 staff at offices in Johannesburg, Durban, Pretoria, Cape Town and Namibia, with satellite offices in PE, Bloemfontein, East London and Mpumalanga.
Our comments policy does not allow anonymous postings. Read the policy here