There’s no doubt about it, we’re heading for a future where digital technology will play a key role. Digital technologies, such as the Internet of Things, will bring an additional US$14 trillion to the world’s 20 largest economies by 2030, or one-fifth of the world’s gross domestic product! However, in the Middle East and sub-Saharan Africa, many companies are hampered in their use of new technologies by the lack of a strong security policy.
According to research conducted by the Mauritius Commercial Bank (MCB) in 2015, electronic devices are frequently used to surf the internet, and in the following ways:
- 90% of Mauritian Internet users use a computer, but many use multiple devices
- 75% connect on their smartphones
- 52% through a touchscreen tablet.
This study shows that the smartphone reigns supreme, both in private and professional life, becoming the most used connected device during the day. In fact, about 80% of Internet users aged 18 to 44 say they have one.
In the meantime, the question many business leaders are asking themselves is how to bridge the gap between innovation and security.
Don’t be afraid of the headlines
Cases of cyberattacks are a concern for many, discouraging companies from adopting new technologies such as cloud computing, which accelerates the migration to digital. Nevertheless, these new technologies are designed with security and privacy policies in mind.
Microsoft, for example, spends US$1 billion a year on security, a figure far greater than that spent by companies on a traditional server. The fact that banks are at the forefront of the digital revolution, especially in the Middle East and Africa, clearly demonstrates the level of trust. Note that in the Middle East, all medium-sized banks are ready to go digital this year. As a result, 65% of banks have begun to implement private cloud technology or plan to deploy it within the next 12 months.
Sub-Saharan Africa accounts for 53% of global money transfers and in Mauritius digital banking is booming. The majority of banks present on the island offer an online banking service (Internet Banking), in order to better meet the demand of their customers. Based on this principle, MCB is pioneering the mobile application “Juice”, which allows for many banking transactions. Banks see this service as a real opportunity to improve their operational efficiency, while optimizing their resources.
According to Marc Israel, Chief Technology Officer, Microsoft West, East and Central Africa, it is advisable to “avoid engaging in a banking transaction (online payment, transfer, etc.) while connected to a public WiFi network. Always use your own secure WiFi network or a wired network. Most public WiFi networks (hotels, airports, restaurants, etc.) still have very basic security that is easily compromised.”
Prepare your company for change
It is not only the IT department that has to adapt, but the whole company. A study conducted by Capgemini does not talk about digital aptitude, but about digital dexterity.
First, you have to analyze how the IT department works. Security should not operate as a complex IT system, but rather as a core process that aligns with business objectives. It is crucial for companies to integrate security into all their networks, applications and access points in order to detect, analyze and repel suspicious activities.
“One of the most invisible threats is what is called Shadow IT. These are applications that users install without the knowledge of the IT department and that can introduce unintended vulnerabilities. Conduct a security audit and implement a behavioral analysis strategy to detect any dangerous applications,” says Marc Israel.
Regardless of whether you have watertight systems and procedures in place, a lack of employee security awareness can be risky.
“Most breaches today are the result of simple mistakes made by employees by clicking on corrupted links in emails, or downloading malicious attachments, or neglecting security policies and training,” says Paul Fisher. The research director of Pierre Audoin Consultants has conducted studies on the role of identity and access management in digital conversion.
“The security of employee identities begins with a policy of strong passwords, i.e. those that are difficult to guess through a brute force attack, and which must be changed several times a year. Then comes the implementation of a two-factor authentication (for example by sending a code by SMS) guaranteeing a secure remote access” according to Marc Israel,
“The security of computer systems starts with their updates. Take care to perform all security updates on all the devices you manage: servers, routers, mobiles, personal computers, tablets, etc. A vulnerability is quickly exploited by hackers of all kinds, leaving your system vulnerable,” explains Marc Israel.
Play a role in public education
In addition to managing their own security, companies have a role to play in creating a trusted environment for the Internet and for everyone. Ultimately, a digitally competitive business needs customers who are knowledgeable and believe in the digital world.
Businesses have an opportunity to partner with the public sector to educate the public on policies and laws against cybercrime. They can establish safety principles and commission studies to identify factors that increase online risks.
Companies should commit to being transparent with their handling of customer data, and organizations should share information about potential threats. This is done by banks, which have a high level of sharing with their competitors.
“Prevention is key, but so is education. The IT department must share best practices in terms of IT security with all employees and their families. The weakest link remains the human being and his behaviour. Security is everyone’s business,” Marc Israel reminds us.