BUSINESS NEWS - A new financial regulation is sending waves through the South African economy, and it's not just the big banks that need to pay attention. Small and medium-sized businesses could be the most affected.
The Financial Sector Conduct Authority (FSCA) and the South African Reserve Bank (Sarb) have issued a joint standard on cyber security and cyber resilience, setting stringent new rules for financial institutions.
But, says cyber security expert Shane Visscher of DeepSight360, the real story is the ripple effect that extends this compliance burden to the thousands of smaller businesses that supply them with services.
"If you are a vendor, contractor or service provider to any financial institution, their risk is now your risk. Their compliance burden is now your business reality.
"As of 1 June this year, financial institutions are mandated to ensure their third-party service providers adhere to the same tough cyber security requirements," says Visscher, who presented a cyber security workshop to businesses at Regus on Tuesday 14 October.
"For small business owners, this means facing increased scrutiny, tougher contracts and the potential for direct audits from clients who need to secure their own supply chain."
Visscher says businesses should ask themselves if they are operating under dangerous assumptions. Cyber criminals know that small businesses are often the path of least resistance to their ultimate targets. It's crucial to debunk common and dangerous myths about cyber security.
He says business owners often think that their business is too small to be a target, but it is actually a prime one. "Your business holds valuable data and can be used as an entry point to infiltrate your larger clients. Cyber security is also not your IT provider's problem. While technology is a key component, leadership must set the policy, define what needs protecting, and build a security-aware culture. It's about people and processes, not just software."
Businesses often believe that being secure and compliant is too expensive, but the cost of a data breach in financial loss, reputational damage and legal fees is far higher than the cost of prevention.
"Many of the most effective security measures start with good habits and are low-cost or even free. However, a firewall and antivirus are not all you need. They are essential, but they are only the start.
"Modern cyber threats, especially phishing emails, are designed to bypass basic defences by tricking your employees. A layered defence is critical," warns Visscher.
"The landscape for businesses in the financial supply chain has fundamentally changed. Businesses must not wait for a data breach or a failed audit to discover that they are non-compliant. Protect your business, secure your contracts, and navigate these new requirements with confidence."