Category: Vox 4 Thought

By Tim Wood, CIO, Vox

With the economic rollercoaster ride of 2020 drawing to its uncertain conclusion, CIOs and business leaders are formulating and finalising strategies for what is hoped to be a new year of growth and recovery. There can be no doubt that technology and IT infrastructure will underpin and shape the majority of 2021 strategies – with the global pandemic having radically accelerated many digital transformation journeys (while propelling other businesses into newly formed digitisation initiatives). Arguably, the key to successfully leveraging technology to drive growth and recoveries in 2021 will be determined by the clarity of thinking around IT strategies – as well as leadership’s commitment to simplifying complexity while simultaneously harnessing emerging technology tools and platforms. All too often, decision-makers sway between investing in a plethora of tools that bring risk and complexity into the business environment, or doing too little and falling behind the rapidly evolving enterprise technology ecosystem.

To avoid either scenario, we have highlighted the four critical areas of focus for CIOs that can both deliver business value while enabling growth through savvy cost management…

1 – Clarify the WFH model

Although South Africa’s extended national lockdown forced many businesses to shift to remote working in a very ad hoc way, many have now settled into this mode of working as a way to manage costs in the wake of the crisis. At this stage, it is very important for leaders and CIOs to provide clarity around whether remote working will be a permanent feature for the business – or whether it will pursue a full return to the office.

Without this clarity, the technology support behind employees will be a patchwork affair as opposed to a formal and well-structured system with the requisite features. It also goes without saying that if remote working is being made permanent, then there must be a robust and detailed strategy to ensure that employees are able to perform both productively and professionally. For one, this means making sure that connectivity is guaranteed for every staff member, along with the required endpoint security. Looking ahead, providing some form of remote working and flexibility is becoming a core feature of talent retention and HR strategies – so businesses that remain unclear and/or unprepared for this will be quickly outperformed by their more nimble and responsive rivals.

2 – Get Proactive about Data Protection

With South Africa set to implement its landmark Protection of Personal Information Act (POPIA), CIOs are under pressure to ensure that their data management systems and processes are ready – which will naturally bring them in closer alignment with global best practices and a stricter international data privacy environment. Now is the time for CIOs and their teams to conduct detailed reviews of their systems across all disciplines, which should also include the rules of engagement with employees, contractors, client and third party suppliers. Consumer data privacy is likely going to be a highly topical issue in 2021, and businesses have to consider data leaks and data protection as one of the foremost business risks (and priorities) going forward.

As we have seen, cybercriminals and hackers are becoming more sophisticated in their attacks, and the use of techniques such as social engineering and whaling are becoming scarily commonplace. No business is immune, from large multinationals to start-ups to SMEs, and this makes investment into cybersecurity – as well as cyber insurance – increasingly important. A major part of this investment should include ongoing employee awareness initiatives and training, as well as cyber-attack simulations, vulnerability assessments and audits to make sure that the risks are very clearly understood across the organisation.

3 – Consider Automation of Key CX Touchpoints

As most business analysts agree, customer experience and the seamless resolution of queries is already a major differentiator of brand loyalty and business sustainability. Yet this requires investment into the right technology, guided by a very clear and intentional change management process to ensure that the technology serves its purpose (and doesn’t simply bring complexity and confusion). With this in mind, we believe that the automation and use of AI to drive certain interactions will be key – for instance, by providing chatbots and self-service mechanisms which allow customers and consumers to resolve things independently and at their own pace and convenience. In addition, enabling consumers to transact via intuitive and secure e-commerce channels will also be a key differentiator, and these channels should leverage AI and self-service to make sure that browsing, ordering, payments, deliveries, etc, are all supported by real-time, responsive functions.

It must be noted, however, that automation and indeed any new tech investment should have a clear and well documented business case behind it (ringfencing both scope and costs) – as well as a supportive infrastructure that is inherently agile and responsive to a changing consumer environment. Where technology implementations are proving too costly or far removed from the core business offering, CIOs should not hesitate to pivot and change tack to prevent wasted resources. Importantly, every technology initiative should be underpinned by agile development methodologies with the aim of reducing manual interventions and processes where possible.

4 – Keep a Hawk-Eye on Business Value

In an age whereby technology innovation is developing at a lightning-fast pace, CIOs have to balance the temptation of adopting every new trend with a moderate and thoughtful approach to change management and business growth. This can be achieved by working more closely with business and finance functions to identify where, for example, it makes sense to reduce Capex spend by moving to Cloud environments, and where technology can clearly deliver on business value through increasing sales and revenue. Moreover, 2021 will likely be a year in which CIOs have to use technology as a savvy cost management tool – shifting to outsourced services where it makes sense, for example, and using software to gain real-time views of expenses, productivity, sales performance, and much more.

While 2021 is sure to be a year of recovery and renewed innovation, success will be defined by seamless and engaging customer experiences as well as corporate professionalism – both of which can be fundamentally supported by proactive technology strategies.

The spate of cyberattacks targeting individuals in South Africa in recent months necessitates a more cautious approach to our online activities.

What can we do to become more cybersecurity aware especially with the festive season around the corner?

Not only must digitally-connected South Africans keep the threats of previous years in mind, but hackers have become more sophisticated thanks to the connected lifestyles of South Africans. For example, email and text phishing will almost certainly remain a constant threat. However, more elaborate tactics designed to compromise your financial information and steal your identity are coming to the fore.

Related: What can organizations do to prevent the rise of phishing attacks?

Before we explore some of these, also remember that this is an opportune time for fraudsters to exploit our collective goodwill. Fake charity scams are not unique to the internet. But when combined with all the COVID-19 scams that have been flooding our devices the past several months, it is easy to have one slip through and donate by accident. The best way to mitigate the risk of this happening is to phone the charity and confirm the outreach to your device. The minute or two it takes to make a call can save you countless hours of trying to recover your funds and change your online banking details.

Another familiar, but largely ignored tactic, is to keep your mobile device locked when you are not using it. Lost or stolen phones and tablets are perhaps one of the most significant causes of compromised personal data. If your device supports it, activate the biometrics security feature. This would then require either a retinal or full face scan to unlock the device. At the very least you must lock your phone or tablet with a strong password that contains upper and lowercase characters, special characters (for example $,%, &) and at least one number.

One of the most critically important lessons is to never use public Wi-Fi networks especially when it comes to your online banking and shopping. Even though it is tempting to use the Wi-Fi available at a coffee shop, restaurant, or shopping centre, rather switch your wireless access off completely. Using specialised tools, hackers can ‘eavesdrop’ on these public networks and steal your passwords and other details without you being any the wiser.

Now, when it comes to your device, it is important to always keep your apps and operating system (whether it is Android, iOS, or something else) up to date with the latest patches. These contain essential security features that protect you against some of the latest developments in cyberattacks. Also, uninstall applications you do not use. Not only will this free up additional storage space, but it also reduces your digital footprint by eliminating potential weak points in your security.

Related: Total Security to keep your family protected

It is advisable to disable your location settings when you are out and about. For example, if you check-in at the movies or at the destination of your fishing trip, those who follow you on social media will see you are not at home. Criminals might exploit this information to break in or commit other nefarious acts. As part of this, wait until you are home from holiday before sharing those happy snaps of the beach or bush getaway.

Related: How safe is your home this festive season?

The final tip is the most obvious of all. Your phone and tablet are the windows to your online life. And just like you would not dream of running a laptop without security software installed, so too must your mobile devices also include protective software. It might be tempting to download freely available software to accomplish this, but rather invest a few rands into buying a quality mobile solution.

This will go a long way to ensure your festive season is a safe and happy one.

A recent US survey has found that 77% of consumers are concerned about online identity theft.

34% of respondents indicating they had experienced a cyberattack, it seems a matter of when rather than if a person gets hacked. Meanwhile, South Africa has the third most cybercrime victims in the world, losing R2.2 billion a year. All this suggests that our increasing connectedness requires a rethink of how to better keep our digital lives safe.

Central to any cybersecurity approach is getting the basics rights. This revolves around applying common sense to help guide us in our activities in the cybersphere just as they do in the physical world.

Related: Cybersecurity in the physical security world

Dos and don’ts in our everyday online activities

 Firstly, you must use a different password for every online account you have. These passwords must be hard-to-guess and never be written down. This is easier said than done given how extensive our digital footprint is. From the laptop (or smartphone) passcode through to email, social networks, online shopping, online banking, messenger apps, and other passwords, it is not difficult to imagine that each of us can easily require 10 or more unique passwords.

This is where a password manager becomes critical. Typically, you would need just one login to get into the manager with the solution providing encrypted passwords to get into each of your online accounts. While there is a myriad of freely available tools that can do this, it is worth investing in a product from a reputable vendor.

Adding on to this, you should consider opting in for two-factor authentication if the service allows for it. This means you rely on more than just a username and password to login to an account. In most instances, this could take the form of an SMS to your phone providing a one-time password (OTP) to confirm it is, in fact, you that is trying to login. So, even if a hacker guesses (or steals) your password, they still need physical access to your phone (or another device) to gain access.

Despite the high number of malware and phishing scams out there, many people still click on links they get or download and open attachments they receive via email. Nowadays, this could extend to opening malicious videos on instant messenger apps like WhatsApp or Facebook Messenger. It is therefore critical that you never click on any link that cannot be verified. You can simply contact your friend to confirm the message or by simply deleting it. You must avoid emails from unfamiliar senders.

Related: One click can kill your company

Looking for grammatical errors and spelling mistakes on messages claiming to be from the bank or insurer are easy ways to spot a fraudster. Another giveaway is links that do not work or that redirect to sites you do not recognise. Hover over a suspicious link with your mouse to see where it is going and avoid if it seems like a strange site.

While social media has become the preferred way for many people to keep in touch with friends, family, and loved ones, we must be vigilant in the personal information we post on a social network. Check your privacy settings to ensure only friends can see your posts. This keeps the information limited to a smaller circle of people.

Unfortunately, many people (including children and teenagers) share everything about their lives. Not only is this potentially dangerous from a real-world perspective (think kidnapping, human trafficking, and home break-ins), but it can also result in online identity theft.

Related: Digital privacy – Does it still exist?

The best cybersecurity technology in the world means little if we do not take responsibility for our own online behaviour. It is about being vigilant about what we do and share in the digital realm and questioning every email and link we do not recognise.

Implementation of advanced threat protection helps supplier recover from phishing attack and strengthen security posture.

 A leading South African supplier  to the logistics sector discovered that it was the victim of a malicious phishing and scamming attack that compromised their systems and resulted in fraudulent emails and invoices being sent out to contacts from the mailbox of a senior employee, and turned to Braintree, the consulting and integration division of Vox, for assistance.

The matter was only brought to the organisation’s attention when a recipient of one of these fraudulent emails questioned its authenticity, highlighting the need for the ability to detect and mitigate such phishing attacks as soon as they occur, in order to protect against reputational damage, data loss, or even financial loss.

Related: What can organizations do to prevent the rise of phishing attacks?

And increasingly, legislation being put in place worldwide to protect data privacy, such as the General Data Protection Regulation (GDPR) in the European Union, holds organisations accountable if customer information is lost or misused as a result of poor data management and protection practices.

“Cybercrime has turned into big, organised business, with small and medium corporates high on their list of targets as these organisations often do not give security the same level of consideration as larger companies, who might have entire teams dedicated to take care of their security. Data in fact shows that 58% of breaches take place at smaller organisations, and the average cost per breach is US$120 000.

Though there has been a long-standing misconception that only the enterprises are at risk from cybercrime, this is changing and more small businesses are getting serious about security,” says Chris Badenhorst, Strategic Head for Azure at Braintree.

Related: Cybersecurity: Eight steps to protect your business

These smaller organisations often operate in a hybrid environment, with some of their functions in the cloud, and the rest on premise – where the biggest threat is presently. Turning to a partner like Braintree provided the affected customer with access to some of the leading, certified security consultants in the industry, who are able to combine software with global best practices and local industry expertise. The solution was not to just sell a product, but to provide a full range of software and hardware recommendations to ensure that the customer can significantly improve their security score.

Remote and on-premise assistance

The successful attack happened despite their efforts to protect their environment, with a malicious Outlook Rules Exploit that originated from an usual phishing method: targets receive emails from people who are their contacts or known organisations, that include links. When the link is clicked on, they are taken to a fake Office 365 login page aimed at stealing their details, and adding Outlook rules that forward the target’s emails – usually those that are financial in nature – to the hackers. Emails may also be sent to the target’s contacts in order to spread the malware further.

Following an audit of their existing software, it was recommended that they migrate to using Microsoft 365 Business Premium, which provides them with advanced identity, security and device management features. While the licenses for users were set up remotely, a managed IT services team from Braintree was sent out to the customer in order to roll out Microsoft Defender for Office 365, which helps protect against threats that come via email attachments and links, as well as ransomware, malware and zero-day threats.

“The managed IT team then carried out deep scans of PCs and laptops – while unplugged from the broader network – at the customer premises in order to remove the malware within the course of an afternoon. Following this they began applying upgraded security policies to protect the businesses information on mobile devices, using Microsoft InTune,” says Badenhorst.

Related: Vox Managed IT – Daly Morris Fuller Case Study

The time taken to recover from cyber attacks is largely dependent on the nature of the attack and its severity. This particular customer was fortunate in that the malware was discovered before it could cause more severe harm. Servers that are held captive by ransomware, where even a company’s backups might still carry the malware, can take much longer to resolve.

Braintree also helped set up Azure Information Protection, which provides the customer with data loss protection (DLP) features, including the ability to better track, manage and protect their emails, documents and other confidential information shared with people from outside the organisation.

Related: Downscale your office and not your business with Braintree Azure KickStart for SMMEs

“All these improvements means that both Braintree and the customer are immediately alerted if there is either a breach, or if there is an attempt to send sensitive information via email to external parties. What we have put in place will ensure that the business is taking a more proactive approach to mitigating risks and improving their security score,” says Badenhorst.