Page 21 - EngineerIT March 2022
P. 21
CYBER SECURITY
Prevent passwords falling into the Review account privileges regularly
wrong hands Privileged-access accounts, if hijacked, become a powerful weapon attackers can use to
Enabling MFA is an important weapon gain greater access to networks and resources. Your security teams should be auditing
in fighting back. By so doing, your access privileges frequently, using the principle of least-privilege granted to enable
organisation mitigates the risk of employees to get jobs done.
passwords falling into the wrong hands.
You can take this a step further by Constantly verify the authenticity of users and activities
eliminating passwords altogether and, at Another fundamental aspect of your security hygiene should be to thoroughly review
the same time, eliminating administrative all tenant administrator users or accounts tied to delegated administrative privileges.
privileges through password-less MFA. This will help your organisation verify the authenticity of users and activities. Your
Though passwords are a prime target security team should then disable or remove any unused delegated administrative
for attacks, they’ve long been the most privileges.
important layer of security for everything Attackers are constantly raising the bar, but leading with identity-focused solutions,
in our digital lives. People are expected including enforcing MFA, adopting password-less solutions, and creating conditional
to create complex and unique passwords, access policies for all users dramatically improves protection for your devices and data.
remember them, and change them If identity is the new battle ground, then zero trust is the must-have weapon for fighting
frequently, but this is highly inconvenient back. n
and nobody likes doing that. Ultimately, a
password-less future is a safer future. Read more about Cyber Signals.
EngineerIT Panel discussion:
POPIA - friend or foe of business
In the March 2022 EngineerIT panel discussion, now available online, three industry leaders discuss the
Protection of Public Information Act (PoPIA) which came into force in July last year.
The discussion was around the question if POPIA is of benefit to business or a hindrance.
All three participants agreed that PoPIA is The participants in the discussion are:
a benefit to business and it aligns South
Africa with the rest of the world, and
sends a clear message that their data is
safe in South Africa.
But as with all regulations it is the
compliance and ultimate enforcement by
the authorities that makes implementation
successful. The POPI regulator is
understaffed for the role it must play with
only a small number of staff dealing with
reported infringements.
The act does not differentiate and
applies equally to all businesses from small Kevin Halkerd Karl Blom Sumeeth Singh
to large. Compliance may particularly be Risk and Compliance Senior Associate Head: Cloud Provider
Business
Webber Wentzel
Manager
difficult for “mom-and-pop” stores. The e4 VMware SSA
suggestion is that perhaps there should
have been a different approach. One Listen to this interesting discussion about how businesses generally are befitting from PoPIA,
example is a garage - the owner is more though that may sound unlikely. The panellist also make suggestions of how a ‘mom and
concerned with fixing the customer’s car pop” store can go the PoPIA route. n
than the customer’s information. Listen to the panel discussion podcast here.
EngineerIT | March 2022 | 19
