Data Privacy and Cyber Security in South Africa
In South Africa and the world as a whole, it can be said that the cyber risk and data privacy landscape is constantly evolving and thus it is imperative that we as individuals and business keep abreast of all potential risks as they emerge. But what are cyber attacks? This is a deliberate exploitation of your individual or company systems and/or network. Cyber attacks use malicious codes to compromise your computer, logic or data and steal, leak or hold your data hostage. Due to the breakout of the COVID-19 pandemic which drastically reshaped every aspect of our personal and professional lives one of the most understated, yet compelling impacts of the pandemic has been the risks associated with our personal cyber habits in a remote working environment.
In the past it was easier for businesses to implement the necessary controls for employees who were working on the company premises and using the company’s devices which had the latest anti-virus, software patches and were regularly monitored and updated using company resources on company time. The lockdown regulations implemented in South Africa that came as a result of the pandemic meant that most companies abruptly implemented a remote working policy for their employees without doing the necessary due diligence and providing their employees with tools that will aid them in staying abreast of the cyber risks. Thus, it was inevitable that due to the use of personal devices, unsecure WIFI networks and lack of adequate knowledge of cyber security by employees the result was that it was open season for hackers to corrupt individuals and company data and networks.
Today we live in the digital age and with this businesses are facing new threats. Cyber- attacks and data breeches are the most common threats and must be considered a priority for SMEs. Large corporations usually have provisions in place to fight or prevent such attacks from taking place however, many small enterprises believe they are too small to face cyber-attacks, leaving them extremely vulnerable. Many small businesses do not understand the risks involved with one simple cyber-attack or data breech which can result in financial losses and, in severe cases, insolvency procedures.
In South Africa, we unfortunately do not have a clear definition of cyber- crime and because of this many investigations and prosecutions related to cyber-crime and data breaches have been hindered. Previously South African legislation did not fully respond to the challenges involved in combating cybercrime. This has changed with the newly enacted Cybercrimes Act (Cybercrimes Act 19 of 2020) which defines cybercrime as including, but not limited to, acts such as: the unlawful access to a computer or device such as a USB drive or an external hard drive; the illegal interception of data; the unlawful acquisition, possession, receipt or use of a password; and forgery, fraud and extortion online. Section 3 of the Act makes provision for offences relating to personal information (as defined in the POPI Act) including the abuse, misuse and the possession of personal information of another person or entity where there is reasonable suspicion that it was used, or may be used, to commit a cybercrime. South Africa has not merely moved from an old data and cyber- crime
protection legislation to an updated one but has also introduced data protection legislation for the first time.
It will be the responsibility of companies and individuals to ensure that they educate themselves on the necessary information and Acts relating to cyber security and data protection to avoid cyber-attacks and data breeches.
- My top 5 tips for staying safe while online would include:
- Keeping your software and systems fully up to date
- Backing up your data
- Controlling and limiting access to your systems