You are a successful company in Malawi. You have legal software, updated regularly and have the latest up to date virus protection. You backup regularly, and carry out regular monitoring of your network and usage for security risks. You think you are safe?
Think again. Here are some areas of potential risk that you may want to pay attention to and review regularly. Firstly – the use of storage media and backup. Do all your users have access to USB ports or optical drives, for the copying and transferring of data? Do they need to?
Unless you are sure of two things – the loyalty of all your users, or the fact that all confidential and business critical data is protected from unauthorised users – you have a gaping security loophole in your system. In addition, is your backup media stable? Many organisations continue to use expensive tape drives for their backup.
In my professional judgement, tape drives should go the way of floppy drives, bin them! These depend on degradable media units, which corrupt easily over time and frequent use. Many companies faithfully carry out a daily comprehensive backup without once testing or checking their backup media for reliability. Consider the use of remote or network drives for backup.
The internet now offers a range of reliable cloud backup services that must be explored by any serious IT professional wishing to maintain secure and cost effective options for their company. Be very aware of requisite bandwidth requirements for such solutions. Running big data payloads through the cloud or remotely can be a risk in itself if an unreliable internet service is used.
Be conscious of the accompanying risks of the loss of key members of staff who previously had access to your company data. How soon do you delete their user profiles and access to your system? If their departure is imminent what is being done to monitor their usage in their notice period? A disgruntled employee is in a privileged position and can severely compromise a company’s protected assets.
The same applies to the change of a key vendor account manager. What happens when your key IP services provider personnel move – what information do they have on your company that can be compromised? In these organisations, many staff are recruited on the basis of them bringing with them client and business information.
Whilst we are on the subject of IT vendors, wherever possible, try and avoid end users dealing with them. Apart from the high risk of corruption in Malawi inherent in these deals, you also run the risk of end users being exploited by unscrupulous or unqualified vendors who will seek to offload incompatible hardware or software solutions.
Finally, I would like to make a strong case for Malawian business supporting Malawian IT service providers. Not just for patriotic reasons, but also for risk mitigation. In my experience, many large multinational organisations in Malawi utilize a multinational IT vendor and support solution.
These vendors often have inconsistent support and service levels from one country to another – seeking to place their skills and staff where they have the largest client base. Their knowledge of local issues and problems are also limited. By all means, look globally to ensure that your company gets the best services across the board. But companies should commit strongly to ensuring that there is a local skills transfer model, so that their IT issues can be dealt with speedily and promptly.
One of the main reasons for the IT brain drain in Malawi is due to the frustration felt by many IT professionals when they see projects that they can complete, being carried out by extremely expensive external specialists with a cosy relationship with their local client.
A vibrant writer who gives a great insight on hot topics and issues