The People Principle in Security

Security systems are only as successful as the people who sit behind them

In May 2020, the personal records of more than 24 million South Africans and nearly 794,000 companies were handed over to someone impersonating a client. The personal records, identity numbers and addresses of millions of people and thousands of businesses were given to this person because they had fooled the system. It’s a hard lesson in how important it is to embed security not just into the technology and the devices of a company, but into its people. According to Anna Collard, SVP of Content Strategy and Evangelist, KnowBe4 Africa security is not just the responsibility of IT, it is the responsibility of every single person in an organisation.

Anna Collard, SVP of Content Strategy and Evangelist, KnowBe4 Africa security
Anna Collard, SVP of Content Strategy and Evangelist, KnowBe4 Africa security

“It is critical that organisations create a culture of security in order to combat this increasingly hostile security environment,” she adds. “A successful security culture is driven by leadership, the human resources (HR) department, internal marketing & communication and ongoing security training. Truly agile and capable security is a people project, not a technology one.”

Read also:Over 254,000 Moroccans Are Registered for Social Security in Spain

Successful security balances on three pillars: technology, policy and people. The technology is the firewalls, the anti-virus, the ongoing alerts and the endlessly evolving bouquets of solutions that are designed to give the business an edge in the war against cybercrime. Policy is what outlines the processes that people across all levels of the organisation have to follow in order to ensure that the technology can do its job, that checks and balances are in place as well as to guide people on what they can and cannot do in the digital realm. People are the key to ensuring that both technology and policy actually work.

“This is why HR has to be involved with security,” says Collard. “It is fundamental to changing behaviour within the organisation and helping to build a culture that recognises the importance and value of security. It is, of course, also the disciplinary arm that enforces policy and that ensures there are consequences when people continue to break the rules or fall for phishing scams or perpetually do the wrong things.”

Read also:Security Token Trading In Mauritius Now Eligible For Licensing Under New Regulation

Whether the organisation incentivises or punishes – security has to have consequences. Employees must see that the executive is as tightly bound by the regulations as everyone else. And they need to understand exactly what these regulations are, why they are important and the implications that failure can have on their jobs and the future of the organisation. With data protection regulations such as South Africa’s Protection of Personal Information Act (POPIA) in full effect, the cost of an avoidable mistake can result in hefty fines or even imprisonment for the directors of the company. A mistake that can be as simple as someone clicking on a phishing email, falling for a social engineering call or unleashing a ransomware virus because they didn’t recognise the risk.

This is where good communication becomes as essential as good technology. “The way we communicate, the content we use, and the way that it’s distributed can make such a difference in how an organisation creates a strong security culture,” adds Collard. “It’s a blend of HR people practice, security good practice and marketing best practice. These three elements need to be pulled together to create a cohesive security ecosystem that ensures people truly understand that their actions can have serious consequences.”

Read also:South Africa’s Cybersecurity Startup Sendmarc Raises Funding From Kalon Venture Partners

This level of engagement can be achieved in multiple ways. Empower a person who interacts with the different stakeholders across the business and who has the right support from the executive and HR. This role will then be committed to ensuring that security culture is carried throughout the company by implementing the right training platforms, incentivisation/punishment systems and driving participation.

“Success will depend entirely on the level of stakeholder buy-in, the depth of the training and a commitment to ensuring that the training is ongoing and measurable,” concludes Collard. “Security training has to be iterated and repeated constantly to ensure that people are always kept aware of its importance and any changes in attack vector or threat. Only by keeping security top of mind, all the time, can an organisation truly embed a culture that’s capable of staying secure and alert.”

Kelechi Deca

Kelechi Deca has over two decades of media experience, he has traveled to over 77 countries reporting on multilateral development institutions, international business, trade, travels, culture, and diplomacy. He is also a petrol head with in-depth knowledge of automobiles and the auto industry

Worry free security at just the push of a button

McAfee

We understand that security is a top priority for every business, that’s why we’ve teamed up with cyber-security experts McAfee to bring you, not only protection against today’s security threats but those of the future.

Protecting your printers should be as easy as pushing a button. That’s why our image RUNNER ADVANCE devices are secure by design. But we understand the risks of being connected in a modern world. Malware is advancing faster than ever and that’s why we constantly look to bring our customers the latest in security and innovation.

Our new partnership with leading security experts, McAfee, makes sure you have the very best in print security. As threats evolve, so too does the McAfee Embedded Control Software, meaning your business will always be protected.

McAfee
 

According to Roman Troedhandl, Managing Director, Canon Central and North Africa (CCNA) and South Africa, “The office of the future is evolving and so are our products. We understand that your device isn’t just a printer anymore, but a connected hub supporting numerous cloud applications to streamline your workflows and enhance productivity. Our partnership with McAfee gives you the most up-to-date security to help protect your connected devices against the threats that we can predict today as well as the unknown threats of tomorrow.”

The security industry moves fast. But we won’t leave you behind. Our regular firmware upgrades provide the latest security innovation. No expensive hardware replacements needed, we just maximize your investments through access to six-monthly updates. You get the latest features and functionality, including McAfee Embedded Control Software which will become available in our upcoming version 3.9 firmware update.

“We want to give our customers the best value for their IT investment. As the security landscape advances, it’s easy for device protection to become out of date. With each firmware update, our customers will be given the latest innovations and the best security solutions available until the end of life” Roman said.

We understand that it can be difficult to manage security threats across a fleet of devices. But we will work closely with McAfee to offer a constantly evolving whitelist of authorized applications, so you know you’re safe from unknown applications, unintentional breaches, and malicious attacks. Our Unified Firmware Platform (UFP) makes management a breeze with the guarantee that the same quality of security and user experience is rolled out across every imageRUNNER ADVANCE device.

“As the number of connected devices in an organization grows, so do the risks from malware and attacks,” says Brent Smith, director of OEM Sales, McAfee. “McAfee Embedded Control ensures the integrity of systems by only allowing authorized access to devices and blocking unauthorized executables.

In today’s modern-day threat landscape, we consider this alignment with Canon to be a win and one that can help provide companies with the necessary assurance that their confidential business data will remain protected, even as office document workflows evolve.”

 

 

Kelechi Deca

Kelechi Deca has over two decades of media experience, he has traveled to over 77 countries reporting on multilateral development institutions, international business, trade, travels, culture, and diplomacy. He is also a petrol head with in-depth knowledge of automobiles and the auto industry.

Facebook: https://web.facebook.com/Afrikanheroes/