A Sacco Cyber Security Report 2018 by Serianu reports that 83 per cent of SACCOs manage their Cybersecurity in-house, a worrying trend considering that security skill shortage is so high in the Sacco industry. This shows how much Saccos are susceptible to cyber-attacks or threats especially now with increasing and intensifying fraud reported in the financial sector.
Speaking while moderating a panel session on ‘Building a Security Culture for Saccos’ at a past Saccotech event hosted by CIO East Africa, Tania Ngima, the Managing Director at Digital Centers Franchise, DDD noted that Saccos should be started with a security culture in the mind.
“When starting a SACCO, start working with a strong security culture,” she said. “Log off from devices, have a two-multi-factor authentication. It is the simple routines that create a culture.”
Despite the rise in cyberattacks targeted in the financial industry, most SACCOs are still not cyber-ready or secure. This situation now worsened by the WFH policy and the heightened digitisation agenda across all sectors. This, therefore, raises doubts on SACCOs ability to keep customer data and finances safe.
With the Fortinet team assuring SACCOs of robust solutions to ensure a secure culture, a call was placed on the cooperatives to always incorporate security as a basic need in their journeys, just like is customer onboarding and retention.
“Once we have discussions with SACCOs, then we can tell what their needs are,” he said. “We target the urgent and challenging aspects that SACCOs need for planning for the future as they build the security culture.”
Speaking at the panel, Amos Ndung’u the Head of Security at Harambee SACCO avered that there is a need to lift the security level awareness of the staff even in their personal life as a part of their security culture. However, even with the right security software and monitoring in place, SACCOs still need to take care of the biggest threat of all to security- employees.
“Disgruntled employees keep me up at night because I don’t know what they will do to breach security,” said Robert Mogoi, the CIO at Chai SACCO.
But other than the disgruntled employees (usually few), the happy ones whose intentions are good are an equal potential for security breaches.
“Employees are good people. Chances are that they would never do anything intentionally to hurt your business. But human error is the cause of the majority of business cyber attacks,” reads a SMY Quest blog on employee and insecurity. “It’s not because people are trying to be malicious, it is the result of preventable mistakes.”