The adoption of connectivity solutions for businesses and people in Kenya is on an upward trend (backed up by solutions such as this, this and this), a feat that can be attributed to the availability of cheap smartphones and in extension, pocket-friendly internet plans from carriers and ISPs.
Connectivity was adopted by businesses in the local scene more than two decades. Recently, we have seen stiff competition from service providers in this field, which is why the amount of investment needed for connectivity adoption has decreased. This has enabled access to connectivity solutions for informal businesses and SMEs, which was not the case a few years ago. Based on these pluses, any business that wants to grow and stay competitive can afford speed and capacity that can position them in a better position in delivering services and products to their clients.
Admittedly, the uptake of connectivity in businesses is surely a technological stride but it comes at a cost if owners do not take cybersecurity concerns seriously. In a connectivity world that incorporates the cloud, Internet of Things (IoT) and apps, it is extremely risky to have a relaxed approach to cyber threats. Vulnerability is also fueled by businesses using old or outdated computer hardware and software as well as poor or missing security policies that fail to establish security protocols. In addition, lazy oversight and missing procedures for securing information encourage vulnerability.
In 2016, Kenya lost more than $175 million to cybercrime or related cases. Not so long ago, the Kenya Revenue Authority was hit by hackers, and the agency lost more than $40 million of revenue. The most recent case happened a few weeks ago where a wave of ransomware called WannaCry hit several organizations in several parts pf the globe.
For these reasons, it is absolutely necessary for Kenyan businesses to take an initiative in ensuring that their trade is protected from cyberattacks and reaping the benefits of connectivity at the same time.
Getting rid of human vulnerabilities
Practically, the first step in safeguarding information in your business is to establish security policies. It is paramount that such policies are comprehensive and up to date. The policies need to be revised intermittently in response to the nature of threats. Secondly, protecting information calls employees to know and adhere to security policies.
As mentioned above, businesses and the government are the most vulnerable thanks to a record increase of attacks targeting personal/financial information or company secrets. The information can be used to steal money, access classified information or perform acts of cyber espionage.
The truth is that cybersecurity is a vulnerable part of businesses. If not adequately protected, the cyber space offers a vulnerability that can be exploited with minimal effort. However, the human error is a much more easily exploited side in business’s connectivity solution and is largely unseen in the overall conversion over securing connectivity. Human error manifests itself in several ways, including 1) lack of information on security policies, 2) a failure of safe use of social media, 3) misuse of company computers or 4) repeated use of weak passwords.
It should be noted that human error is the primary contributing factor to cybercrime. Statistically, human error accounts for about 35 -53.5% of cyber breaches that are brought about by preventable employee mistakes or sabotage from within a business. Further statistics have pointed out that out of 72% of cybercrime breaches, 35% are can be tied to human error. In other words, humans are the weakest link in cybersecurity.
Eliminating human error must include training employees who use computers in a business setup, system admins, help desks as well as managers and executives who use specialized software about security procedure. moreover, training has to incorporate safe internet, email and desktop practices, to mention a few.
According to Telkom Kenya’s Enterprise Division head Kris Senanu, training should be accompanied by the development of operating procedures that target addressing cybersecurity to help in ‘converting employees to become efficient human barrier to cyberattacks.’
Sponsorship from the top
Securing connectivity solutions in a business is not solely an IT problem. It is a multifaceted headache that needs an enterprise-wide approach to oversee its management. While it is impossible to totally protect businesses from cyber threats, adopting best practices that are risk-based should come in mind, and this should involve the implementation of a comprehensive strategical framework that mitigates risks brought about by cyber threats. Business enterprises must find reason to establish and maintain a leadership team that identifies and addresses risks for communication networks and services.
Form a governance point of view, the executive team should determine who within an organization should lead the deployment of a cybersecurity program. The program includes identifying known risks and established controls. In like manner, a best practice may find it necessary to establish a cross-organizational committee of senior board members that brings together the full range of enterprise knowledge and capabilities. In sum, this should include IT and enterprise security, as well as business owners.
It should be noted that leadership is vital. Choosing an executive who is capable to perform cross-functional duties to lead such a committee can aid ensure that efforts are geared upon enterprise-wide concerns, rather than meeting a narrow scope without the merits of a wider enterprise adoption.
To quote Mr. Senanu, senior management must aware of the latest trends in cybersecurity trends and business processes, not to mention enterprise structures that are key in in maintaining a secure business enterprise.
Massive Investment in Cybersecurity Technologies
Lastly, Kenyan enterprises have to ascertain that the technologies employed in mitigating cyber threats conform to global standards in terms of consistency and practices. For instance, the notion that a virus protection program is enough to eliminate cyber threats must be thrown out of the window since antivirus programs are mostly ineffective for connectivity solutions in businesses.
Having said that, businesses are always reluctant to boost cybersecurity thanks to massive investments needed, especially in situations where a business deems that its operations are secure.
All in all, investing in these technologies, in addition to training workers about cybersecurity is the best way to bolster a business’s defense against cyberattacks.