As modern organisations become more digital, they inevitably generate a greater number of cyber security risks. The focus therefore lies on ensuring that an organisation’s IT department can react quickly to any such risk, as well as on deploying innovative solutions that will improve security.
According to Gerhard Mentz, IT Manager at Altron Fintech, the biggest threats organisations face today are ransomware and social engineering, both of which target employees who are not security-aware enough.
“While businesses can implement technologies to mitigate cyber security threats and undertake audits to ensure security processes are properly followed, their weakest point remains the employee. Therefore, it is crucial to spend enough time and money ensuring that all staff receive the requisite cyber security training,” he says.
“At Altron Fintech, for example, the most critical data we protect is the card information that we store, so this is obviously properly masked and encrypted, and we ensure our network is compliant with the Payment Card Industry Data Security Standards (PCI-DSS).”
Exposure of payment data, Mentz explains, is one of the biggest risks a financial services sector business faces. Such an event would have severe consequences for the organisation, and in order to prevent such a scenario, it is imperative to have partnerships in place to ensure a high level of PCI-DSS compliance.
He notes further that in this sector, it is vital to subject systems to constant vulnerability and penetration testing, while also implementing security policies to ensure employees and clients use proper security processes at all times.
“Security starts at the software development level, and developers undertake annual training to ensure that the code they write is secure. It is also crucial not to forget about legislation like the Protection of Personal Information Act (POPIA), and thus ensure that you have the relevant processes in place to keep this important data secure.”
“It is also recommended that your business undergoes regular audits, as well as external penetration and vulnerability scanning. Ideally, you should bring in a third-party entity that can not only help to identify weak points in the system, but actually attempt to exploit these, so you can learn the best way to defend against a real attack.”
Mentz indicates the damage that can be caused to a business by failing to adhere to the above advice is enormous. Not only are fines punitive – and therefore large – but any forensic investigation that follows a breach will bring additional consequences. And this is without taking into account the potential financial, brand and reputational damage a breach may create.
“What the above demonstrates more than anything else is that cyber security, and in fact security in general, requires a many-angled approach. To be able to claim that your business is secure, you will need to have all the elements mentioned above in place – the latest technologies, regular security testing, ongoing security training for staff and the implementation of software that is PCI-DSS accredited – to ensure you have a 360-degree security focus.
“Ultimately, if you run a digital business of any kind, but especially one in the fintech arena, security needs to remain top-of-mind at all times. This means understanding everyone’s roles and responsibilities, implementing and maintaining relevant policies and processes, and consistently spending time, effort and money on ensuring your systems, staff, networks and business environment are kept as secure as possible,” he concludes.