Today, a lot of new businesses emerge in South Africa each year. As a rule, they start as small organizations that are hungry to capture new markets all over the world, promote their products, and build effective business relations with the partners they encounter on the way to success. The main tool that almost all of these startups employ is e-commerce. E-commerce is a promising and effective strategy, but it exposes these businesses and their partners to many risks. Unfortunately, many of these small organizations barely make an effort to protect themselves from the associated challenges and do nothing to develop good security systems and adopt appropriate practices. Moreover, very little has been done by authorities to assist these businesses (ISC Africa 2015). It is undeniable that, in terms of top IT security, more has been done to assist big organizations such as banks and government institutions than to assist small organizations. The owners of smaller businesses believe that they are at a lower risk of e-crimes; as a result, they continue to neglect rigorous security measures (Melvin 2004, p. 53).
This research focuses on investigating e-crime and computer security problems in small-sized organizations and private homes in South Africa. The paper sheds light on the current situation in computer security systems and recommends ways to raise small organizations' awareness of the matter at hand.
According to Hughes and Hayhoe (2007, p. 135), a computer attack can be defined as an effort by a criminal to gain unauthorized access to a computer or to control the computer and its network system. Such crimes have been gaining popularity since 1960. In 1970-1980, several attempts to get these crimes under control were made in the USA (Pasquel 2015). As a result, many concepts and practices were designed and put in place. Marchany and Joseph (2002, p. 108) acknowledge the success of these innovations; however, they also admit that many attacks on computers such as Trojans, trapdoors, and some other viruses have continued to exist and have attacked many government and private PCs since then. Currently, there are millions of blended and malicious attacks that are performed by hackers, script kiddies, and other people who are looking for challenges, status, and profitable opportunities. These attacks have continued to evolve and have become much faster and more aggressive; therefore, the situation needs immediate intervention (Marchany & Joseph 2002, p. 59).
Assessment of the information systems security
Goodman (2015, p. 68) and Hughes and Hayhoe (2007, p. 201) agree that there are many security assessment models that have been designed to benefit mainly large businesses and organizations. Only a few of them can be modified to suit a small business, for example, ISO 17799 and COBIT. OCTAVE is also being used for PCs in small organizations (Goodman 2015, pp. 55-60). These three standards are not enough since organizations need more confidentiality, integrity, and availability; thus, more models are needed in order to keep smaller entities safe from e-crimes. For instance, the NSTISSC security model is a universal mechanism that aims to enhance security in both smaller and bigger organizations. Its high efficiency cannot be undermined by organizational differences or technological changes. The main function of this model is identifying the areas in which a business is vulnerable and advising on the security challenges. It also helps in the development of security policies, as well as in education and training on them. The NSTISSC security model was developed by the National Security Telecommunications and Information Systems Security Committee; it has three dimensions. Dimension Y covers the main critical aspects of the information: confidentiality (only authorized individuals may access any provided data), integrity (the information must be complete and uncorrupted), and availability (the stored information must be easily accessible to authorized individuals without any obstruction or interference). The next dimension is X, the main task of which is to distinguish the three states of information: storage, processing, and transmission. The last dimension is Z, which includes the three security measures (technology, policy, and education). These three security measures must be implemented in order to preserve the original characteristics of information (Goodman 2015).
Therefore, businesses in South Africa need to understand that there are numerous security tools, which they can purchase from the computer software vendors.
Method of data collection
This research employed two methods of data collection: questionnaires were distributed, and interviews were scheduled. Questionnaires were highly preferred because they have immense advantages; for example, they are practical and provide large amounts of information. They are flexible and convenient for the researcher, and their results can be easily accessed and interpreted. The data received can be scientifically analyzed for validity and, even after a long time, conclusions can be used to measure any changes (Kumar 2014, p. 47).
Interviews were another preferred method of collecting information in this study. This method was preferred because it provided an interviewer with a unique possibility to clarify any question easily and ensured amicable and frank answers. Interviewing is an effective tool for collecting information on complex subjects. While interviewing, interviewers have an opportunity to probe deeper and get full information on the questions being asked. As a rule, interviews produce high response rates (Kumar 2014, p. 43).
The research sample
The respondents who took part in this research came from South Africa’s economic sector; all of them had a reputable record since they had been significantly contributing to the country’s gross geographical production. They had over five years of experience and understood the types of computer attacks that they had encountered while at work. The research also involved twenty home Internet users, who were randomly chosen in different areas within the selected region. Recently, home Internet users have been among those most targeted by hacker groups. In fact, according to Cybercrime in South Africa (2015), a high percentage of Internet users are located at home. Nevertheless, only those whose activities involved e-commerce were selected to participate in the study. At first, it was very difficult to identify these participants because there was no information regarding the target group. The study team had to visit the local Internet service provider for the appropriate data, but all in vain. The provider claimed that such information was highly sensitive since it involved clients’ private details. The team then decided to use the only available list, obtained from the Department of Labor, which shed immense light on the study’s efforts.
The research questionnaires were then distributed, and the respondents completed them while the research team kept a keen watch. The interviewers were in a clear position to clarify any confusing questions, obtain amicable and quick answers, and validate answers whenever an opportunity showed itself. More than one hundred small organizations were selected to take part in this survey. Later, however, 65 entities were excluded; 40 were not connected to the Internet; ten did not engage in any e-commerce activities, and fifteen were not very active users. As a result, the total number of participants in the research study was lowered to 35 small business organizations that actively participated in e-commerce. In addition, the responses provided by six organizations that participated in the survey were considered invalid due to inconsistent answers. Therefore, the total number of valid responses collected from the participants was 29. The people that participated in filling in the questionnaires included owner-managers, business assistants, and business managers. Content validity was established as the team used impressive measures adapted from the previous studies.
The research team employed interviews in order to get unique responses from the home users who used the Internet and were actively involved in e-commerce. Each was a one-on-one interview session that lasted about half an hour; immense probing was done by the research team to get ultimate responses. A total of nine home Internet users were interviewed, and all responses were considered valid.
Results and discussion of the study
Small e-commerce organizations and home Internet users who employ e-commerce are at high risk of computer attacks, but they hardly realize this fact. As deduced from the research findings, many of them do not have security plans for their PCs and use obsolete hardware and software. Most of these organizations and individuals also place great trust in technical measures that are rarely updated and can barely keep up with the ever-evolving technology that produces these threats. The following are the detailed findings of the study.
Hardware and operating systems used in South Africa
Many organizations and home Internet users still use old Pentium I and II computers. A good number of these organizations and individuals still use Windows 98 (39%), a much more vulnerable operating system than Windows XP, for example (only 25%). 35% of the respondents use Windows 2000, UNIX, Linux, and Novell (ISC Africa 2015). None of these users have plans to update and upgrade their systems with more secure software and hardware. Many of the respondents rarely use the online help services that are provided by Internet security vendors and are rarely subscribed to the vendor mailing lists. This type of arrogance is dangerous; if the users employed such services, they would be able to understand the different vulnerabilities that face them (Pasquel 2015, p. 58). Moreover, these mailings describe the risks and possible attacks, as well as explain how one can deal with and fix some issues with their PCs.
Possession of a security policy
According to ISC Africa (2015), about 74% of users in South Africa did not have a formal computer security policy. They do not even understand the guidelines that address such issues as access rights and password standards. Inasmuch as the owners and business premises have full-time access to the Internet and web browsing, they are exposed to immense risk. Many small organizations do not keep in mind that they need to plan the security measures of their IT systems carefully. They also do not keep formal records of their business objectives and IT requirements.
Have viruses attacked the respondents in the last 12 months?
The study indicated that about 60% of the respondents were victims of e-crimes in the last 12 months, and over 90% of the attacked victims had no security policy (ISC Africa 2015). Given the huge number of people being attacked daily by different computer worms, it was concluded that some of the organizations chosen for the study were unwilling to admit that they had been attacked or were not aware of the attacks, since some of these threats were very hard to detect. Some of the attacks identified by the respondents included spyware, the Code Red and Blaster worms, and phishing.
Cybercrime in South Africa also indicates that 32% of the respondents in this survey admitted that they had not had anyone who maintained their security systems while 35% had outsourced specialists who would take care of their security systems (ISC Africa 2015). 40% had in-sourced such services; sometimes, these services are delivered by people who are inadequately trained in such areas. Outsourced IT service delivery was also not very common. Usually, vendors that provide IT services to other firms are small organizations that have inadequate resources and are sometimes incompetent. This means that these service providers can collapse at any time, even though their clients share important data with them. Consequently, such a collapse might put business organizations and private users at risk of being hacked, since they have shared their valuable information. Fortunately, the Department of Trade and Industry of the South African government recommended putting in place more quality control standards. This step aims to make sure that IT is protected in small business organizations (ISC Africa 2015).
Security measures that have already been implemented
The implemented measures include technology-based measures; today, 67% of the small organizations use password protection, and 68% of them employ anti-virus software. 24% of the people who participated in this study use firewalls while 3% use intrusion detection systems. In turn, 39% usually back up their files; however, only 1% use encryption and authentication technologies as security mechanisms (ISC Africa 2015). It can, therefore, be deduced that many of these people are potential victims of cyber crimes, as they enter the online trading arena without fully understanding how vulnerable to potential cyber crimes they are. The other security measures used by these individuals are non-technology-based measures that include proper Internet usage procedures (13%), security awareness training (7%), and incident reporting (21%) (ISC Africa 2015).
Security education, training, and awareness
Training on cyber crime awareness for Internet users and people who participate in e-commerce is highly recommended. It can be used by an organization for promoting a strong security culture among its employees. After becoming aware through rigorous training, both employees and Internet users can start practicing the proper use of technology and enhance their communication policies (Goodman 2015, p. 44). Being unaware exposes individuals to various Internet risks; thus, potential damage can occur in their IT infrastructure. It is a very pertinent area that a company should budget for. Businesses should not rely only on technology-based tools to protect their PCs but should also include non-technology-based measures for impressive results. Reporting incidents is another step toward better security in small firms. According to the findings of this study, only 21% of the respondents have ever reported any security incidents to the vendors and law enforcement authorities (ISC Africa 2015). Some of those who did not report the incidents explain that they did not have the technical knowledge required to tell whether the malware was destructive or not. This happens because a large number of Internet users in South Africa do not know how to maintain their security systems.
Security legislation and standards
According to ISC Africa (2015), about 50% of the people who participated in the study do not understand that they need to follow pertinent security protocols and standards. 22% were aware of ISO 17799 and 15% knew about SSL, while only 21% had studied the HTTP security guidelines. 10% of the respondents understood the standards set by the local authorities, for example, the government IT standards, vendor security standards, and industry-affiliated policies. According to these results, one can easily state that Internet users in this region are rarely aware of the regulations and legislation regarding the security systems they use.
The conclusion from the research
Some small business organizations and many home Internet users that engage in e-commerce activities are very vulnerable to cyber crimes, but they are not aware of this fact. These entities received massive support from the local government and banks in terms of developing e-commerce, but none of them was supported in managing the ever-threatening security problems. In the future, this situation might lead to dire repercussions since such practices can highly affect the economy of the whole region.
Security guide recommendations
The following recommendations are pertinent to small business organizations and have been adopted from NIST Special Publication 800-14, ISO 17799, and the Internet Security Alliance. These straightforward practices will significantly help in maintaining security in small business organizations.
It is important never to ignore any security measures since they can save the organization a lot of time and effort (Cole et al. 2007, p. 105). This is because any computer that has been connected to the Internet is highly vulnerable. For any business, it is always advisable to invest in the security of the IT infrastructure and be ready to monitor all legal, economic, and social implications of any cybercrime. It is also advisable that all small organizations in e-commerce implement different security policies and procedures, which will guide and promote security measures. All entities should adopt best international practices available on special websites on the Internet. Small organizations should always be aware of any security alerts and software updates because they need to upgrade and update their systems in order to avoid being vulnerable. Outdated systems should never be used. Organizations should make sure that they download scans and install patches whenever they are released. They should also subscribe to the vendor’s mailing lists to receive available updates to their security systems.
According to Cole et al. (2007, p. 110), organizations should hold training sessions that will help make PC users aware of the security systems. Through training, these people will develop a security culture that will aid in keeping all risks under control. Organizations should also design, develop, and implement different security awareness programs that should be measured for their effectiveness and updated all the time. The users should understand all the issues regarding security requirements and risk management in order to curb cyber crimes. These organizations should employ people who are competent in security systems. Maintaining security systems is a complex task. In order to make sure that all systems are working properly, organizations should employ a professional who will fully handle the maintenance issues. This person will also be responsible for identifying risks, developing security policies, and reporting any security issues to vendors and law enforcement authorities. He or she should be highly skilled, have reliable technical expertise, and be able to back up all the data effectively. Using strong and unique passwords could be another tool in dealing with cyber crimes. Weak passwords could play a leading role in weakening the networks and systems, as hackers can easily crack them. It is advisable to use passwords that are not found in the dictionary or to use a complicated combination of characters and numbers. Moreover, these passwords should be changed on a regular basis.
Protecting PCs against viruses is another crucial step in keeping the working environment safe from cyber crimes. Every other day, more than a million new viruses and worms are designed, and they are always complex and sophisticated in nature. They are meant to jam the IT systems, infect available data, and damage the hard disk. To stay safe from such threats, small organizations need to install strong antivirus software after testing it using the program’s trial version. A good antivirus program should be able to scan files, attach them, and fix detected damage. In addition, firewall technology is very effective in protecting the network from damaging traffic as it permits appropriate queries and rejects the rest. Finally, these organizations should ensure that any electronic transmissions are authenticated and encrypted. All remote connections and transmissions should be highly secured. Private Key identification software can help in achieving this goal because it can provide amicable information and customer ID, certificate authority, and digital certificate issuance capabilities.