The month of March signaled the 1st anniversary of South Africa – and almost every other country across the globe – being plunged into lockdown in its varying forms. It’s been roughly a year since most companies were forced to embrace or enhance existing platforms to provide for remote working. The impact of this “new normal” on companies’ networks and IT infrastructures cannot be understated, and has forced companies to relook at network security amongst other critical IT considerations.
It remains to be seen whether remote working is here to stay. A hybrid model of remote working and office-based work is at the least a viable prospect for the immediate future as companies and employees alike seek to find a balance and normalcy in a Covid 19 world. At the height of the pandemic’s first wave, cyber attacks increased dramatically as cyber criminals preyed on people’s vulnerabilities and fears. The wave of cyber attacks is not expected to ease and with the country preparing for further waves of the pandemic and restrictions on movement, it is vital that companies implement strategies and policies to effectively deal with the new normal.
The legislative framework governing cybercrime and cyber security is still in its infancy. Whilst the Electronic Communications and Transactions Act, 2002 regulates certain acts of cybercrimes, it does this in a limited fashion and is perhaps out of tune with the typical acts of cybercrimes commonly encountered today. The Cybercrime Bill seeks to further expand on acts that constitute cybercrime and places reporting and other obligations on financial institutions and telecommunications service providers where a cybercrime has occurred.
On 2 December 2020, the Cybercrime Bill was passed by the National Assembly and National Council of Provinces and sent to the President for his assent. It is unclear when the President will sign the Bill and bring it into force. In the meantime, the Bill provides an opportunity for companies to get their affairs in order and implement strategies that will safeguard their networks, but also ensure compliance with privacy and data protection laws in general.
There are a number of recommended actions that companies can employ to improve their network security. At the top of the list, educating and training your staff force on cyber security threats remains pivotal. This is especially important for companies that process large amounts of customer data and/or transactional material. Companies are waking up to the need to employ the generally accepted principle of safe processing of data. However, many employees remain unsure of – or indifferent to – the legal and reputational implications that may arise out of their negligence or inability to act in a certain manner. IT policies need to be revised to address areas where cyber security threats exist. IT policies should at a minimum address the use of permissible applications and software, the accessing of secured Wi-Fi and hot spotting, the accessing of the company VPN safely and the identification of phishing schemes; and should be extended to apply to employees’ personal devices by means of a BYOD (bring your own device)policy.
To back up this training, there should be appropriate security software and tools in place as well as properly crafted contracts with software providers and/or network security providers. In instances where data is stored in the cloud, companies should review their cloud-based platforms and contracts to mitigate against any additional risks.
Equally important is the review or drafting of dawn raid procedures and other response type processes in the event that a cyber security breach occurs on your network. It remains to be seen how effectively the Cybercrime Bill will be enforced once it comes into law, however the reputational harm and damages that could ensue should not be overlooked.
In summary, Covid 19 has been a huge disruptor and has forced many organizations to relook at their IT practices. Adaptability to these changes is crucial, that and decisive steps to ensure governance and compliance. And as Charles Darwin famously commented, it is not the strongest of species that survives, nor the most intelligent that survives. It is the one that is most adaptable to change.
For interviews or further information, contact Yvonne Wakefield at Caveat Legal email@example.com and +27 83 275 2971
Caveat Legal is a legal consultancy with a team of specialised and experienced lawyers in a number of commercial fields of law: www.caveatlegal.com
Caveat Legal is an innovative legal service provider that makes Big Firm-quality legal work available to businesses without the bells and whistles (and costs) usually associated with it.
We achieve this by making our panel of 55 Top Tier lawyers available to consult to businesses – either remotely or in house – on a brief, retainer or secondment basis. Caveat was founded in 2011 and has established itself as a market leader, covering all of the commercial fields of law and servicing an impressive range of medium-sized and large businesses.
Find out more about how we can help your business navigate and understand matters pertaining to Commercial Law. We’ll make an experienced Panel Member available as your dedicated lawyer on call to discuss your requirements as we aim to find the right solution for your business.