Search
Close this search box.

BUI Announces Commitment to Respecting Data by Becoming a 2024 Data Privacy Week Champion

BUI Announces Commitment to Respecting Data by Becoming a 2024 Data Privacy Week Champion

This year’s initiative emphasises educating businesses on data collection best practices that respect data privacy and promote transparency

BUI announced its commitment to Data Privacy Week 2024 by registering as a Champion. As a Champion, BUI recognises and supports the principle that all organisations share the responsibility of being conscientious stewards of personal information. Data Privacy Week is an annual expanded effort from Data Privacy Day – taking place from 21st – 27th of January 2024. The goal of Data Privacy Week is to spread awareness about online privacy among individuals and organisations. The goal is twofold: to help citizens understand that they have the power to manage their data and to help organisations understand why it is important that they respect their users’ data.

How To Prioritize Data Privacy With Your Customers

The US National Cybersecurity Alliance (NCA) recommends adopting the following market leading practices:

  • Be transparent about how you collect, use, and share consumers’ personal information.
  • Think about how the consumer may expect their data to be used.
  • Design settings to protect their information by default.
  • Communicate clearly and concisely to the public what privacy means to your organization, as well as the steps you take to achieve and maintain privacy.

Engage the experts

Remember that most employees aren’t privacy or security experts. You will need to build in mechanisms that make it easy for them to report privacy and security concerns to your experts. Just like tools for preventing privacy incidents are critical, tools that easily empower employees to report are necessary in your company’s privacy toolbox, too.

Outsourcing to professional cybersecurity companies takes a load off your plate and ensures you have the data protection you deserve.

Take Control of your data

All your online activity generates a trail of data. Websites, apps, and services collect data on your behaviours, interests, and purchases. Sometimes, this includes personal data, like your Social Security and driver’s license numbers. It can even include data about your physical self, like health data – think about how a smartwatch counts and records how many steps you take.

While it’s true that you cannot control how each byte of data about you and your family is shared and processed, you are not helpless! In many cases, you can control how you share your data with a few simple steps. Remember, your data is precious, and you deserve to be selective about who you share it with!

Follow these steps to better manage your personal information and make informed decisions about who receives your data.

About Data Privacy Week

Data Privacy Week began as Data Privacy Day in the United States and Canada in January 2008 as an extension of the Data Protection Day celebration in Europe. Data Protection Day commemorates the 28th of January 1981, signing of Convention 108, the first legally binding international treaty dealing with privacy and data protection. NCA, the nation’s leading nonprofit, public-private partnership promoting cybersecurity and privacy education and awareness, leads the effort in North America each year. 

For more information, visit https://staysafeonline.org/data-privacy-week/.

About the National Cybersecurity Alliance

The National Cybersecurity Alliance is a non-profit organisation on a mission to create a more secure, interconnected world. We advocate for the safe use of all technology and educate everyone on how best to protect ourselves, our families, and our organisations from cybercrime. We create strong partnerships between governments and corporations to amplify our message and to foster a greater “digital” good.

For more information about Data Privacy Week and how to get involved, visit https://staysafeonline.org.

Improve your cybersecurity posture with an expert partner.

Cybercriminals are targeting enterprises big and small to try to gain access to sensitive, confidential, or proprietary data and resources.

How are you protecting your IT environment? Stay ahead of threat actors by choosing a managed detection and response service from BUI.

BUI supports global security awareness campaign

BUI supports global security awareness campaign

BUI is proud to participate in Cyber Security Awareness Month as a Champion Organisation for the sixth consecutive year. Founded in 2004, Cyber Security Awareness Month (held each October) is the world’s foremost initiative aimed at promoting cyber security awareness and best practices. The campaign is a collaborative effort among businesses, government agencies, colleges and universities, associations, non-profit organisations, communities and individuals to educate others about online safety.

“Knowledge and vigilance are essential when it comes to cyber security,” says BUI Global CEO Ryan Roseveare. “You need to know what to look out for. You need to know what to do when you see a red flag. And you need to be alert whenever you’re online. Cyber Security Awareness Month plays a key role in educating the public about common cyber risks and encouraging everyone to become more vigilant. BUI is pleased to join the international community in this focused effort to improve cyber security awareness worldwide.”

From smartphones to web-enabled home devices, technology is deeply intertwined with our lives. And while the evolution of technology accelerates, cybercriminals are working just as hard to find ways to compromise technology and disrupt our personal and business activities.

Cyber Security Awareness Month aims to highlight some of the emerging challenges that exist in the world of cyber security today and provide straightforward, actionable guidance which anyone can follow to create a safer, more secure digital world for themselves and their loved ones.

Starting this year, the new theme of Cyber Security Awareness Month is Secure Our World. The main messaging revolves around four cyber security practices:

  1. Creating strong passwords and using a password manager. The strongest passwords are long and unique, with a mixture of character types (lowercase letters, uppercase letters, numbers, and symbols).
  2. Enabling multi-factor authentication whenever possible. Multi-factor authentication, or MFA, adds an extra layer of security to digital accounts by making secondary authentication mandatory.
  3. Recognising and reporting phishing. Public awareness is essential as cybercriminals continue to refine their tactics for phishing scams conducted through emails, text messages, chats, and phone calls.
  4. Keeping software updated. The latest updates and security patches are important to install to ensure that operating systems, internet browsers, and applications are safeguarded.
  5. Cyber Security Awareness Month continues to build momentum and impact with the goal of providing everyone with the information they need to stay safe online. BUI is proud to support this far-reaching online safety awareness and education initiative, which is co-managed by the Cyber Security and Infrastructure Security Agency (CISA) and the National Cyber Security Alliance.

    For more information about the 2023 Cyber Security Awareness Month campaign, you can visit the CISA and Stay Safe Online websites. You can also follow BUI on LinkedIn, Facebook and X (formerly Twitter) for helpful tips and resources throughout October, and join the global conversation by including the hashtag #CyberSecurityAwarenessMonth in your own social media posts.

Improve your security posture with an award-winning technology partner.

Cybercriminals are targeting enterprises big and small to try to gain access to sensitive, confidential, or proprietary data and resources. How are you protecting your IT environment?

Stay ahead of threat actors by choosing a comprehensive managed extended detection and response service from BUI. Contact our team to explore Cyber MXDR today.

Practical pointers to help you improve workplace data security

Businesses that take a proactive approach to cybersecurity are better equipped to safeguard sensitive data and spot suspicious activity.

Keeping sensitive data safe and secure is a challenge for businesses of all sizes. Major shifts in the workplace – from in-person to remote and hybrid productivity – forced companies to change, or at least re-assess, their cybersecurity practices and protocols. And far too often, they were not adequately prepared for the evolving cyberthreat landscape.

In fact, according to CyberEdge’s ninth annual Cyberthreat Defence Report, more than 80% of organisations suffered from a successful cyberattack in 2021. With data privacy and data security top of mind, businesses are looking to strengthen their defences against cybercriminals. Here are four simple steps you can take to better protect your workplace data.

1 | Identify the ‘crown jewels’ of your business

Knowing what kind of data cybercriminals want is an essential part of your defence strategy. Therefore, creating an inventory of your so-called crown jewels (the most valuable data and data-related assets within your organisation, including hardware and software information) is important.

In addition, you should have a current (and actively maintained) list of every end-user who has access to your critical business data. Keep accurate records, with device and location details, so that you can carry out the necessary forensic investigations in the event of a data breach.

 2 | Make sure you’re updating and authenticating – always

Keep your operating systems, software packages and web browsers up to date and ensure that all devices have automatic updates enabled. When your connected environment is well maintained, with patches and updates carried out timeously, then your overall security posture is that much stronger.

In addition, make sure that your staff use multifactor authentication (MFA) when they log in. Simple username-and-password combinations are not enough to keep cybercriminals at bay, and MFA could mean the difference between a successful or an unsuccessful hack.

3 | Actively monitor your connected environment for suspicious activity

You should monitor your IT environment continuously to detect misconfigurations, vulnerabilities, breach attempts, and cyberattacks in real time. If you have dedicated cybersecurity personnel, they can implement endpoint security technology to help monitor your network. If not, you can bring in SecOps experts to actively identify, investigate, and mitigate cyberthreats 24/7/365.

Moreover, make sure that everyone in your organisation understands the importance of good cyber hygiene and is following the security policies you have in place. When your people know how to spot phishing attempts, for example, then they can respond appropriately.

4 | Prepare your response plan in advance

No matter how many safeguards you have in place, the unfortunate reality is that cyber incidents still occur. However, responding in a comprehensive manner will reduce the impact on your business and send a positive signal to your customers and employees. Therefore, you should have an incident response plan prepared in advance.

This document should be stored safely and your dedicated response team should be able to access it quickly when the need arises. Make sure your incident response plan includes clearly defined technical, operational, legal, and communication-related steps for your team to follow.


BUI is proud to be a Champion organisation for the 2022 edition of Cybersecurity Awareness Month. This article was originally provided by the National Cybersecurity Alliance and is republished here with permission.

Improve your cybersecurity posture with an expert partner.

Cybercriminals are targeting enterprises big and small to try to gain access to sensitive, confidential, or proprietary data and resources.

How are you protecting your IT environment? Stay ahead of threat actors by choosing a managed detection and response service from BUI.

Three ways to improve your household cybersecurity

Your home network is your gateway to the internet. Are you taking appropriate measures to protect your connected household from cyberattackers?

The COVID-19 pandemic forced people to embrace working from home – a concept they had little or no experience with at the time. Many employees have since returned to the office, but remote work remains a popular choice. According to the 2022 State of Remote Work report by Buffer, 97% of remote workers would like to work remotely, at least some of the time, for the rest of their careers. As remote and hybrid work models continue to evolve, it’s vital for households to be vigilant about cybersecurity.

Most households are linked to the internet in some way. They can be hard-wired to the net or they can leverage wireless technology to connect computers, gaming systems, TVs, tablets, mobile phones and smart home devices to the worldwide web. Having the right cyber protection in place is essential to ensure that everyone in the home can use the internet safely and securely for personal and professional activities. Here are three simple ways to improve your household cybersecurity.

1 | Secure your wireless router

Using a wireless router is a convenient way to allow multiple devices to connect to the internet from different areas of your home. However, unless your router is secure, you risk the possibility of outsiders accessing information on your devices or using your network for nefarious purposes.

It’s important to secure your router from Day 1. Manufacturers assign preset passwords to routers – and these defaults are often weak or easy to guess. If you leave the factory-set password in place, then you effectively leave the door open for cybercriminals to breach your home network. Make sure you change the default router password when you set up the machine itself.

2 | Install security software on household devices

All devices connected to your home network should have security software installed – and updated regularly. Many modern devices have automatic update features, and you should enable them to ensure that your gadgets function optimally and securely at all times.

With the most up to date security software, operating systems and web browsers, your household devices will be better protected against viruses, malware and other cyberthreats.

3 | Back up household data

While steps can be taken to reduce the chance of your household network, devices and user accounts being hacked or compromised, they can never be 100% effective. Households should embrace the practice of backing up data.

You can protect your valuable work, photos and other digital information by making electronic copies of important files and storing them safely. This can be done using cloud software in addition to manual storage devices like portable hard drives and USBs.

By taking simple, proactive steps like these in your own home, you can defend your household members against online fraudsters and scammers.

BUI is proud to be a Champion organisation for the 2022 edition of Cybersecurity Awareness Month. This article was originally provided by the National Cybersecurity Alliance and is republished here with permission.

Improve your cybersecurity posture with an expert partner.

Cybercriminals are targeting enterprises big and small to try to gain access to sensitive, confidential, or proprietary data and resources.

How are you protecting your IT environment? Stay ahead of threat actors by choosing a managed detection and response service from BUI.

Four basic online safety tips to remember

If you look out for phishing scams, protect your passwords, and update your devices regularly, then you can improve your online safety.

Cybersecurity has become one of the biggest topics inside and outside of technology circles over the past two years. From securing personal devices for digital learning and remote work during the COVID-19 pandemic to safeguarding corporate data against cyberattacks, there’s been a seemingly endless news cycle dedicated to concerns around online safety.

It’s easy to feel overwhelmed or even powerless in the face of rapidly increasingly cybercrime, especially when there are fresh headlines about data breaches and phishing scams almost every day. But end-users – the people using technology to communicate, collaborate and connect – have an important role to play as the first line of defence when it comes to thwarting scammers, fraudsters and threat actors.

Unfortunately, many individuals are not aware of the most basic cybersecurity practices for everyday life. During Cybersecurity Awareness Month this October, Champion organisations like BUI are trying to change that – by sharing practical, actionable tips to help everyone #BeCyberSafe. Here are four basic online safety tips that you can implement right now.

1 | Watch out for phishing scams

Phishing (when a cybercriminal poses as a legitimate party in the hope of getting individuals to engage with malicious content or links) remains one of the most popular tactics among cybercriminals. In fact, about 90% of data breaches occur due to phishing, according to Cisco’s 2021 Cybersecurity Threat Trends report.

While phishing has grown more sophisticated, suspicious email characteristics (like poor spelling and grammar, typos, low-quality graphics and fake logos in a message) can be a tell-tale sign that the content is risky. Read our explainer blogs – Phishing: Can you spot these common types? and Three ways to shore up your defences against phishing – to learn more.

And remember… If you think you have spotted a phishing attempt, be sure to report the incident to your internal IT teams and service providers so that they can remediate the situation and prevent others from possibly becoming victims.

2 | Protect your passwords

Having a unique, long and complex password for each of your accounts is one of the simplest ways to boost your online safety. And yet, only 43% of the public say that they “always” or “very often” use strong passwords, according to the National Cybersecurity Alliance’s 2022 Cybersecurity Attitudes and Behaviours Report.

Password cracking is one of the go-to tactics that cybercriminals turn to in order to access sensitive information. And if you are a “password repeater”, once a cybercriminal has hacked one of your accounts, they can easily do the same across all of your accounts. Read our blog – The importance of digital identity management – to find out why it’s vital to make your login credentials rock solid.

3 | Enable multifactor authentication

Multifactor authentication or MFA – which prompts a user to input a second set of verifying information or to sign-in via an authenticator app – is a very effective measure that anyone can employ to reduce the chances of a cybersecurity breach.

According to Microsoft, MFA can block over 99.9% of account compromise attacks. Therefore, it is a must for any individual who is looking to secure their devices and accounts. Remember, multifactor authentication – from one-time PINs to biometric scans – will put an extra barrier between your sensitive data and the cybercriminals who want to access it.

Read our blog – Three simple ways to improve your data privacy – to explore other ways of protecting your personal information.

4 | Turn on automatic updates

Making sure that your devices are up to date should be an essential part of your cybersecurity routine. Don’t ignore software updates and patches! Cybersecurity is an ongoing effort, and updates are important for device maintenance and security.

Instead of trying to remember to check for updates, enable automatic updates whenever you can. This way, you’ll reduce your chances of having older, possibly vulnerable or risky versions of software that could be exploited by cybercriminals.

BUI is proud to be a Champion organisation for the 2022 edition of Cybersecurity Awareness Month. This article was originally provided by the National Cybersecurity Alliance and is republished here with permission.

Improve your cybersecurity posture with an expert partner.

Cybercriminals are targeting enterprises big and small to try to gain access to sensitive, confidential, or proprietary data and resources.

How are you protecting your IT environment? Stay ahead of threat actors by choosing a managed detection and response service from BUI.

Phishing: Can you spot these common types?

On the cybercrime timeline, phishing dates back to the mid-1990s when hackers exploited one of the earliest internet service providers to steal passwords and credit card data from unsuspecting users. Technology has evolved significantly since then, but phishing remains a popular attack method because it’s specifically designed to take advantage of human nature.

What is phishing?

Phishing is the practice of using fake, fraudulent, or deceptive communication to lure or convince a targeted person (or group) to hand over sensitive information.

Cybercriminals pretend to be legitimate, trustworthy sources and contact their victims by email, phone, or SMS with the goal of acquiring anything from personal data and banking details to usernames and passwords.

The scammers then leverage the newly acquired information for their own illicit purposes, which may include identity theft, credit card fraud, or privileged account access, among other things.

Email phishing, spear phishing, whaling, smishing, and vishing are five common types of phishing attacks. Learn to recognise the warning signs so that you’re less likely to be fooled by a scam message.

#1 | Email phishing

Email phishing (also called deception phishing or deceptive phishing) is perhaps the most well-known type of phishing. In this kind of scam, attackers impersonate a real company, organisation, or group and send out mass emails to as many email addresses as they can find. This so-called “spray and pray” approach is a numbers game for the perpetrators, and even if they only hook a handful of victims, the attack may still prove worthwhile and lucrative.

How do they do it? The scam email message is intended to make you perform an action, like downloading an attachment or clicking on a link. Malware embedded inside the attachment is activated when you open the file, and the link destination is often a malicious website primed to steal your credentials or install nefarious code on your device.

Consider this example… You receive a legitimate-looking email from your streaming service, saying your account has been temporarily suspended because of unusual activity. You’re instructed to click on a link inside the email, to verify your account credentials. You expect to be directed to the streaming service’s login page, but the link actually takes you to a lookalike login page that harvests your username and password.

#2 | Spear phishing

Spear phishing takes the concept of email phishing and applies it to a specific individual or group. Instead of the bulk, generic communication associated with regular email phishing, spear phishing involves customised messaging for a selected target. As the name implies, spear phishing is a pointed attack, not a wide-net manoeuvre, and scammers will often leverage publicly available corporate collateral to fine-tune the elements of their email trap.

How do they do it? Detailed, personalised messaging is key to the success of any spear-phishing campaign – because the attackers have to make you, the recipient, trust them enough to do what is asked in the email. They may spend days or even weeks on research and information-gathering (from your company’s website, social media pages, and published reports) as part of their efforts to trick you into action.

Consider this example… You’re the accounting clerk responsible for processing vendor invoices. You receive an email from an unknown vendor, with a PDF invoice attached. The message is well-written and friendly. The email sender knows your name and is knowledgeable about your company; they even send their best wishes to your colleague, John, whose motorcycle accident was addressed in your company newsletter last week. You believe that the vendor is legitimate and open the attachment, which then delivers malware to your laptop.

#3 | Whaling

Whaling (also called whale phishing) is the term used to describe phishing attacks aimed at a company’s most senior, most connected, or most influential leaders – the whales. The chief executive officer, chief operating officer, chief financial officer, chief technology officer, and other senior managers are attractive targets because of their high-level access to company resources. With an executive’s login credentials in their possession, scammers may be able to transfer corporate funds, expose private data, or impersonate the target to disrupt or damage the business.

How do they do it? Like spear phishing, whaling requires a tailored approach. Cybercriminals may have to profile the chosen individual for months to gain sufficient insight into their personal and professional lives. But as soon as the phishers have enough information, they can create believable, persuasive messages to try to deceive their victims into downloading malicious files or visiting compromised websites.

Consider this example… A new email lands in your inbox – and it’s from a law firm. The subject line and the content of the message imply that your company is being sued for millions by a former employee. The preliminary paperwork is attached to the email. As the chief legal officer, it’s your responsibility to investigate – but you don’t realise that the attachment is tainted.

#4 | Smishing

Smishing (also called SMS phishing) uses a text message rather than an email message to conduct a phishing attack, but the rationale is the same: scammers want to fool you into clicking on a risky link, downloading a malicious application, or surrendering your personal information.

How do they do it? Digital fraudsters take advantage of the fact that you keep your smartphone within reach and probably read your text messages soon after they arrive. And, as with other phishing methods, deception is their key tool. By masquerading as bona fide businesses (like your supermarket) or trusted sources (like your bank), they can deliver compelling texts directly to you – quickly, easily, and more than once.

Consider this example… You receive an SMS offering 20% off your next clothing purchase. The offer appears to come from your favourite fashion outlet, and uses the same language and style (right down to the abbreviations and emojis) that you’ve seen from the store in the past. To receive the discount, which is only available to the first 100 customers, you need to click the link and claim your coupon code online. You don’t know that the link, when clicked, installs malware on your phone.

#5 | Vishing

Vishing (also called voice phishing or phone phishing) is when scammers call you directly – on your home landline, your work phone, or your cell – and try to make you give out personal or corporate information. Often, they will exploit annual trends and public concerns, or create a sense of panic that makes you feel compelled to comply with their requests.

How do they do it? The person making the fraudulent phone call may pretend to be a tax official who needs your company registration number for verification before refunding money to you. They may claim to be a health official calling to put you on the list for a COVID-19 vaccination. They may even claim to be a customer service agent from your bank, alerting you to suspicious withdrawals from your account. In every scenario, the phisher on the other end of the line will do their utmost to extract sensitive information from you.

Consider this example… You’re called by someone who claims to be from an insurance firm. They say that you’ve been named as a beneficiary in the estate of their deceased client, and you stand to receive a substantial sum of money if you can verify your identity in line with the facts in their possession. You may be asked for your full name, your ID number, your physical address, and your other phone numbers as the impersonator tricks you into providing confidential, high-value information over the phone.

These five types of phishing attacks are among the most prevalent, but they’re not the only ones used by cybercriminals. You need to be able to spot the tactics (and teach your teams to spot them, too) so that would-be phishers do not succeed when they target you and your staff.

Give your people a head start with security training.

Prepare your business teams for the dangers of cyberspace with comprehensive security training from BUI and Cyber Risk Aware.

Check out the on-demand webinar featuring our own Wayne Nel and Cyber Risk Aware CEO Stephen Burke to learn more.

Five questions to ask your leadership team before the POPIA grace period ends

South Africa’s Protection of Personal Information Act gives individuals more control over how their personal information is collected, processed, and used by private and public bodies. The Act requires such bodies (AKA responsible parties) to meet several minimum requirements for the lawful processing of data – and the grace period is almost over. From 1 July 2021, SA organisations must be compliant. Are you ready? Ask your leadership team these five questions to check that key areas of accountability have been addressed…

1 | Do we have a registered Information Officer?

As a responsible party, you are required to register your Information Officer with the Information Regulator by 1 July 2021.

You can do this online via the Information Officer Registration Portal on the Information Regulator’s website, where electronic and PDF versions of the registration form are available. The portal also contains relevant documentation, including guidance notes, official notices, and policies.

Remember, your Information Officer (IO) is the person responsible for making sure your organisation adheres to POPIA. They need to encourage and ensure your organisation’s compliance with POPIA, deal with any information access requests pursuant to the legislation, and work with the Information Regulator in relation to any investigations conducted in terms of POPIA.

They also need to see to it that an organisational compliance framework is developed, implemented, monitored and maintained, and that internal awareness sessions are conducted regarding the provisions of the Act, among other duties. The IO’s responsibilities are listed in Section 55 of POPIA and in the POPIA Regulations.

2 | Do we have adequate security measures in place?

As a responsible party, you are required to secure the integrity and confidentiality of personal information in your possession or under your control.

According to Section 19 of POPIA, this includes the implementation of “appropriate, reasonable technical and organisational measures” to prevent loss of, damage to, or unauthorised destruction of personal information.

Whether you manage personal data on paper or online, POPIA calls for you to identify all reasonably foreseeable internal and external risks to the data; establish and maintain appropriate safeguards against the risks identified; regularly verify that the safeguards are effectively implemented; and ensure that the safeguards are continually updated in response to new risks.

In addition, POPIA decrees that you must have “due regard to generally accepted information security practices and procedures” which may apply to you generally, or which may be required in terms of specific industry or professional regulations (e.g., hospitals are expected to have strict security measures in place to protect the detailed, sensitive medical records of their patients).

3 | Do we know what to do in the event of a data breach?

As a responsible party, you are required to report security compromises to the Information Regulator and the data subject(s) involved as soon as reasonably possible.

Section 22 of POPIA describes the obligations of the responsible party when there are “reasonable grounds” to believe that the personal information of a data subject has been accessed or acquired by an unauthorised person.

You should have a comprehensive incident response plan on hand to guide your actions in the event of a data breach, data leak, or cybersecurity incident. Make sure that your IO and key members of your leadership team follow a systematic process to identify the incident, respond appropriately, escalate where necessary, and communicate clearly in line with POPIA’s stipulations.

If you fail to notify data subjects in such circumstances, you could face imprisonment, fines, or both. Remember, you must notify affected parties in writing as soon as reasonably possible after the discovery of a security compromise.

4 | Do we have employee training initiatives in place?

As a responsible party, you should ensure that your employees are educated about basic information security protocols and procedures.

From your Human Resources Department, which handles sensitive staff info, to your employees themselves, who may manage personal data from customers, suppliers, and service providers, your teams have to deal with personal information on a regular basis.

Make sure everyone in your organisation is familiar with POPIA’s requirements – and that individual staff members, line managers, and department heads understand their duties and responsibilities when it comes to data processing, data management, and data security.

Educate your personnel about the collection, use, and storage of personal information under POPIA, and remember that they may need specialised training for new systems and new productivity tools deployed now, or in the future.

5 | Do we understand the risks of non-compliance?

As a responsible party, you could face hefty fines or imprisonment if you’re found to be in contravention of the law.

There are civil and criminal consequences for non-compliance with POPIA. Section 99 of the Act describes how a data subject (or the Information Regulator, at the request of a data subject) may institute civil action against a responsible party for breach of POPIA.

Offences, penalties, and administrative fines are outlined in Chapter 11 of the legislation. If you are convicted of an offence in terms of POPIA, you could be fined up to R10-million, or imprisoned for up to 10 years.

Non-compliance also poses a risk to your reputation: public trust in your organisation could be eroded overnight if you suffer a data breach, and serious brand damage could cripple your business irrevocably.

Get expert help for all your data security needs.

The BUI Cyber Security Operations Center is the first of its kind in Africa. Take a look inside to see how our security experts protect and defend critical data 365 days a year.

Or contact our team directly to learn more about next-generation security solutions to safeguard your personal information, customer files, and business resources.

BUI selected to join Microsoft Intelligent Security Association

We are pleased to announce that we have joined the Microsoft Intelligent Security Association (MISA), a global ecosystem of independent software vendors and managed security service providers that have integrated their solutions to help customers better defend against a world of evolving cybersecurity threats.

MISA was launched in 2018 with 26 members. Today, just over 160 industry leaders from across the international cybersecurity spectrum work together to share threat intelligence, extend solution capabilities, and increase customer protection.

MISA membership is by invitation only. Organisations must be nominated by Microsoft, and must demonstrate integrations that support the goal of improving enterprise security. We were selected to join the association as a managed security service provider, for our NettProtect vulnerability scanning solution and turnkey add-ons to our Cyber SoC packages, as well as our Microsoft Defender for Endpoint managed service, which is geared to reinforce network security through next-generation detection, investigation, and threat-hunting.

“We are very proud to be part of the Microsoft Intelligent Security Association,” says Managing Director Ryan Roseveare. “Our MISA membership not only deepens our longstanding relationship with Microsoft, but also opens the door for our specialists to collaborate with some of the top security professionals in the world. We are excited to share our expertise with our new peers. And we look forward to delivering even more value to our customers, through innovative security offerings that meet their business needs.”

The BUI Cyber Security Operations Center (Cyber SoC) integrates with Microsoft Azure Sentinel, a cloud-native, AI-based security information and event management solution, to make threat detection and response smarter and faster. The state-of-the-art facility is the first of its kind in Africa, and harnesses Microsoft security resources to monitor enterprise networks, servers, endpoints, databases, and applications.

“The success of our Cyber SoC lies in the combination of cutting-edge technology and industry-leading skills,” declares Roseveare. “We have created a compelling solution by reducing the cost and complexity of managed security services, and by giving our customers value-driven add-ons, like our Cyber SoC Panic Button for emergency assistance,” he notes.

“The Microsoft Intelligent Security Association has grown into a vibrant ecosystem comprised of the most reliable and trusted security software vendors across the globe. Our members, like BUI, share Microsoft’s commitment to collaboration within the cybersecurity community to improve our customers’ ability to predict, detect, and respond to security threats faster,” says Rani Lofstrom, Senior Product Marketing Manager, Microsoft Security.

BUI’s MISA membership follows several company milestones in 2020. Since the beginning of the year, we have achieved Microsoft Azure Expert Managed Service Provider status and attained advanced specializations in Adoption and Change Management and Windows Virtual Desktop. We have also been named Microsoft Country Partner of the Year, Microsoft Modern Workplace Partner of the Year, Microsoft Azure Infrastructure Partner of the Year, and Microsoft Security Partner of the Year.

“We are determined to help our customers strengthen their cyber defences in the face of increasingly sophisticated threats,” says Roseveare. “As part of MISA, we are now even better positioned to empower organisations to protect their assets – from identity to infrastructure, and from the edge to the cloud,” he concludes.

Explore next-generation security for the new world of work…

We can help you create the best possible defences against cybercrime.

Check out our security offers in the MISA partner catalogue to learn more.

Are you a cybersecurity champion?

BUI is proud to announce its commitment to Cybersecurity Awareness Month, held annually in October, by signing up as a Champion organisation and joining a growing global effort to promote awareness of online safety and privacy.

This year, Champion organisations include technology companies Cisco, Kaspersky, McAfee, and Palo Alto Networks, as well as industry heavyweights like General Motors.

The Cybersecurity Awareness Month Champion programme is a collaborative effort among businesses, government agencies, tertiary education institutions, associations, and non-profit organisations and individuals committed to the 2020 Cybersecurity Awareness Month theme of “Do Your Part – #BeCyberSmart”. The programme aims to empower individuals and organisations to own their role in protecting their part of cyberspace.

The overarching message of this year’s theme – “If You Connect It, Protect It” – dives into the importance of keeping connected devices safe and secure from outside influence.

More than ever before, connected devices have been woven into society as an integral part of how people communicate and access services essential to their well-being. Data collected from these devices can detail highly specific information about a person or business which can be exploited by threat actors for their personal gain. Cybersecurity Awareness Month aims to shed light on these security vulnerabilities, while offering guidance around simple security measures to limit the risks for commonly used devices like smartphones, tablets, and laptops.

This year, Cybersecurity Awareness Month will feature four main focus areas:

  • General security hygiene for connected devices and home networks
  • The importance of device security, especially for remote workers
  • How connected devices play a pivotal role in the future of healthcare
  • The overall future of connected devices for consumers

If everybody does their part – by implementing stronger security practices, raising community awareness, educating vulnerable audiences, and training employees – then our interconnected world will be safer and more resilient for everyone.

Cybersecurity Awareness Month continues to build momentum and impact with the ultimate goal of providing everyone with the information they need to stay safer and more secure online. The initiative, which is led by the National Cyber Security Alliance (NCSA) and the Cybersecurity and Infrastructure Agency (CISA) of the United States Department of Homeland Security, is in its 17th year.

Visit staysafeonline.org for more information about Cybersecurity Awareness Month 2020, and follow BUI on FacebookLinkedIn, and Twitter for daily cybersecurity resources! Throughout October, we will be sharing tips to help you and your teams be safer and more secure online.

Wondering how to cultivate cybersecurity awareness in your organisation?

Join our own Wayne Nel and Cyber Risk Aware CEO Stephen Burke for an exclusive live webinar on Thursday 15 October 2020.

Creating Your Human Firewall will show you how to transform your employees into cyber defenders. Reserve your seat!

Security must be part of your online business playbook

BUI CISSP Neil du Plessis and First Digital KZN Managing Executive Gabriel Malherbe discuss why a security strategy is critical for any enterprise with web-facing assets.

In 2019, South Africa had the third-highest number of cybercrime victims in the world. Attacks from the darkest corners of the web cost our economy more than R2.2bn. From government portals to municipal networks and databases, the public sector was a regular target. In the private sector too, cyberattackers zeroed in on e-commerce platformsinternet service providers, and financial institutions.

There’s a similar trend in 2020. Since the beginning of the year, hackers have taken aim at local enterprises including chemical supplier Omnia, hospital group Life Healthcare, and vehicle-recovery firm Tracker. Internationally, headline-making incidents involving car manufacturer Honda, GPS technology company Garmin, and energy group Enel have also highlighted the consequences of digital villainy, and put corporate cybersecurity practices in focus across the globe.

In 2019, South Africa had the third-highest number of cybercrime victims in the world, according to researchers.

“When it comes to defending against cyberattacks, modern enterprises must consider the growing complexity of their operational environments and the web-enabled commercial landscape at large,” explains Neil du Plessis, our CISSP and cloud security architect. Connectivity can be a powerful business driver, but it can also be a double-edged sword: the greater the number of integrated platforms, systems, and applications, the broader the attack surface. “You no longer have the luxury of drawing a perimeter around your organisation,” states Du Plessis.

Gabriel Malherbe, the KZN managing executive at our sister company First Digital, agrees. “In a hyperconnected world, your cybersecurity measures cannot stop at the front gate. Those days are long gone. Today, a business environment is not just a physical space: it extends beyond walls and fences, across devices, across networks, and across borders. The challenge now – especially for those moving ahead with digital transformation – is holistic protection,” says Malherbe.

Risk versus reward

South Africa is one of the fastest-growing countries globally for IT expenditure, and local enterprises are spending significant funds on software and services delivered via the internet. They’re also moving core systems online. “Modernisation is a big motivator,” says Malherbe. “There’s a growing interest in disruptive technologies, and how they can be leveraged to help people accomplish more. The ‘more’ factor may change from company to company, but I think the stimulus is the same in many cases, and that’s the desire to prepare for an increasingly digital future,” he explains.

Being online can open the door for businesses to become more agile, more productive, more efficient, more responsive, and more cost-effective – but there are risks to consider in pursuit of such rewards, cautions Du Plessis. “Whether an online presence is part of your overall business development strategy, or a planned transition to serve your customers where they are, or even a productivity requirement to enable remote work right now, cybersecurity should be a primary concern. Unfortunately, this is not always the case, and some of the biggest security incidents in recent history are now cautionary tales about the perils of poor cyber hygiene,” he says.

Du Plessis highlights the 2018 ViewFines data leak as an example. “The PII records of almost a million South African motorists were leaked publicly, and sensitive personal information – including full names, ID numbers, and plaintext passwords – was compromised. The root cause was a web server vulnerability that could have been addressed beforehand through mitigation techniques like vulnerability scanning, penetration testing, server hardening, and patch management,” he explains.

Malicious actors continue to employ a wide range of scams to try to gain access to valuable data and corporate assets. Phishing, smishing, and vishing are common methods of attack, but malware is becoming a popular choice as cyber villains look beyond everyday IT infrastructure to more complex OT ecosystems in sectors as diverse as retail and industrial manufacturing.

“The EKANS ransomware used against Honda earlier this year is a case in point,” Du Plessis says, referencing the sophisticated malware that targeted the auto-maker’s industrial control systems and affected production lines in Europe, Japan, and the United States. “It’s absolutely critical for modern enterprises to establish cybersecurity practices that include all web-enabled processes, not only traditional IT,” he advises.

Security should be built in from the ground up and across the board, concurs Malherbe. “There’s a duality to the internet that you need to remember: it connects you to the world and it connects the world to you. Every web-facing resource, from your homepage to your e-commerce store, is exposed to a degree of risk. When you understand that, then you can take action to protect your assets while you reap the rewards of doing business on the web,” he says.

Functionality and security

“Cost, convenience, and customisation potential are all factors pushing local businesses to explore some kind of online presence,” continues Malherbe, adding that First Digital has seen a dramatic increase in the number of clients asking for e-commerce solutions in recent months. The trend, he argues, can be attributed to the prevailing market conditions as well as the changing behaviour of tech-savvy consumers.

“Even before the movement restrictions imposed during the COVID-19 lockdown, brick-and-mortar stores and shopping malls had started to feel the ripple effect of our stagnant economy: dwindling foot traffic, conservative spending, and tougher competition for every available rand. On top of that, there’s growing consumer demand for personalised, intuitive retail experiences. More and more, we’re seeing brands turn to e-commerce to drive sales and boost shopper engagement,” he says.

Modern enterprises need to establish cybersecurity practices that include all web-enabled processes, not only traditional IT, advises BUI CISSP Neil du Plessis.

Business-to-consumer enterprises aren’t the only ones taking advantage of web-enabled technology. In the business-to-business space, bespoke trading platforms and vendor portals are being deployed to enable broader collaboration, integration, and co-operation. Greater functionality, however, demands greater security measures, reiterates Du Plessis. “Several high-profile cyberattacks have been linked to human error, or the misconfiguration of IT resources, or inadequate security controls. In B2C and B2B companies, cybersecurity strategy needs to be prioritised to help safeguard data, applications, infrastructure, and users,” he says.

BUI and First Digital have partnered on several projects to deliver secure solutions to local organisations. “I think customers understand the value of such engagements, especially given our complementary disciplines,” says Malherbe, citing a recent piece of work for Korbicom that drew on both teams’ expertise. “First Digital was brought in to provide Azure support, and BUI came on board later to perform penetration testing. The result was an intensive review of Korbicom’s web application, from architecture through to security,” explains Malherbe.

Korbicom’s application architect, Shaun Rust, was pleased with the results. “As a niche software development company, Korbicom creates custom solutions for clients in the legal sector, the insurance industry, and the financial services industry. Understandably, security and compliance are particular concerns. Our consultations with First Digital and BUI revolved around the functionality and security of a newly developed application, and their advice and assistance was very much appreciated.”

South African companies have to be prepared for sustained and increasingly sophisticated cyberattacks designed to compromise web-facing assets. “If you collect customer data through your website, or payment details through your e-commerce store, then you’re a potential target because sensitive information like that is valuable to somebody, somewhere,” cautions Du Plessis. “It doesn’t matter how big or small you are: data is a commodity. And I think we’ve all seen enough headlines to know that it is being bought and sold worldwide. The protection of your online business environment has never been more important than it is today,” he says.

Malherbe feels the same way. “If you don’t put adequate defences in place, then your enterprise is exposed, vulnerable, and at risk. You cannot afford to be in that position when the threat landscape changes by the minute. You have to make cybersecurity a priority – from day one, and every day after that,” he concludes.

A version of this article was published by First Digital, a fellow First Technology Group company specialising in application development, business process management, enterprise content management, integration, and managed services. Connect with First Digital on LinkedInFacebookTwitter, and YouTube, or visit www.firsttech.digital to learn more.

Did you know that the BUI Cyber Security Operations Centre opened in 2019?

Our state-of-the-art cybersecurity facility is backed by world-class Microsoft security technology, including Azure Sentinel – Microsoft’s cloud-native security information and event management software.

The BUI Cyber Security Operations Centre is the first of its kind in Africa. It is staffed 24 hours a day, seven days a week, by certified security specialists who can help you to safeguard your critical business assets.