Cyber security is not just an optional safety net. With the launch of the Protection of Personal Information Act (POPI), it has become a legal obligation. In the wake of the rapid growth of e-commerce and online banking, personal information has gained the status of a hard currency.

To an enterprising hacker, a list of email addresses or credit or debit card details could be worth a tidy sum when sold on the dark web. Some less reputable companies have been known to finance such activities to further their marketing efforts.

In effect, data theft ultimately amounts to bank robbery. It is equally lucrative but far less risky than the conventional hands-on approach. Ransomware is one of the latest developments that businesses must contend with. Unlike most viruses, which are mainly inconvenient, ransomware freezes a company’s IT systems until their owner agrees to pay the attacker. It is, therefore, fortunate that digital technology offers several effective ways to defeat these and other common cyber threats.

Some Common Countermeasures in Cyber Security

Here are a few common countermeasures used in cyber security:

  • Firewalls: These are hardware- or software-based, or a combination of both. They form a barrier between trusted internal systems and dubious external systems like the Internet. They inspect incoming data packets, accepting or blocking them based on factors like source, destination IP, targeted ports, and protocols.
  • Antivirus Software: These are commercial, continuously updated products designed to scan incoming files, compare them against a database of known virus signatures, and delete or block suspicious code.
  • Encryption: This is a technique used to protect digital data in transit and involves transforming plain text into an unreadable format. The encrypted data can only be decoded and read by an authorised recipient who has the correct decryption key.
  • Patch Management: Software vendors offer regular updates or “patches” to secure any system vulnerabilities a hacker might exploit. These updates may occur automatically or require the user to perform them manually.
  • Network Segmentation: By dividing a network into multiple subnets, each with its specified policies and controls, one can limit the spread of potential security threats. Including virtual local area networks and a demilitarised zone provides a multi-layered defence strategy with multiple protection points.
  • Multi-Factor Authentication: This widely used cyber security measure is a means to manage internal access to designated systems. Authorised personnel are identified in various ways. The most common of these requires entering a username and unique password. Where even tighter control may be necessary, a third parameter, like a one-time code generated by the system and sent to the employee’s mobile phone, might be needed to gain access. However, biometric verification with a fingerprint is gaining traction and can also be used to control access to restricted areas.

Cyber Security: The Legal Implications

Without going into too much detail, the POPI Act states unequivocally that the responsibility for protecting personal data from corruption, loss, or illegal access lies with those who undertake to store it. However, managing the practical aspects of data protection requires specialised knowledge and skills.

We at Geeks4Learning are an accredited IT training academy with an extensive prospectus, including courses in state-of-the-art cyber security and ethical hacking. Data breaches can occur without warning. Contact us for help preparing your IT staff to defeat them.