The rumour mill has it that a university student recently hacked into one of the local banking systems. The Herald was also hacked early this week, and the intruder changed the headlines of the news that had been put on the website. These are just a few of the many incidents in which local organizations have been exposed to dangerous individuals. Luckily, due to the value of the Zimbabwean dollar, one can do very little with the money in people’s accounts. Of course, one can still tamper with the accounts. There is a general lack of awareness of the dangers of not securing one’s systems. Most people tend to believe that it will not happen in Zimbabwe and that these things only happen in Europe or the United States of America. It will probably take one of the organizations losing a lot of money for people to take note.
One wonders whether it is a case of complacency on the part of the organisation’s management or a question of the IT department’s competence. A major worry is that people claim they are able to scan the servers of big banks and have never been tracked down; they simply get away with it.
Zimbabwe needs laws that govern the IT industry. If, for instance, someone is caught trespassing on a server, all that an administrator can do is send the intruder a warning that they should not trespass. There is much that individual organizations can do to help protect themselves. Here are some tips on securing your systems:
1. An organisation’s management should make available the necessary funds for the acquisition, implementation and maintenance of IT security infrastructure.
2. Organizations, through their human resource departments, should hire correctly qualified people for the roles in the IT department. Organizations should resist appointing super users of their systems to the IT department.
3. CIOs or IT managers should make sure that the systems and servers are correctly configured and implemented.
4. Organizations should conduct regular IT audits, preferably by external auditors from the Big Four accounting firms. This will help reveal loopholes that may otherwise have been overlooked by the IT department.
5. Organizations, especially banks which have introduced internet banking, should create awareness in the banking community of the dangers of using the service. This will help both the organization and its customers.
6. Still on e-commerce, organizations that would like to conduct internet transactions should strongly consider making use of the HTTPS (Hypertext Transfer Protocol over Secure Sockets Layer) protocol. This is a URI scheme used to indicate a secure HTTP connection that provides authentication and encrypted communication. It is widely used on the World Wide Web for security-sensitive communication such as payment transactions and corporate logons.
7. It has been said before that one should change one’s password as often as possible, but how many of us actually do it? Encourage users to change passwords periodically and not to use obvious passwords that can easily be figured out. When an employee has left the organization, their profile should be deleted and passwords changed. You just never know what they are thinking, especially if they are disgruntled.
8. Educate employees about social engineering. Social engineering is a trick used by system hackers to obtain passwords from unsuspecting users. Encourage employees to keep information about the organizations they work for private and confidential.