Cyber Security Advice for South African Businesses

South African businesses face the same global threat landscape as larger economies — phishing, ransomware, business email compromise, and credential theft — often with leaner IT teams and tighter budgets. A practical security baseline beats expensive tools that are never configured properly.

Layer 1: Identity and access

• MFA on all business accounts, especially email and admin portals.
• Unique passwords stored in a business password manager — never reuse personal passwords at work.
• Least-privilege access: staff should only have admin rights when their role requires it.
• Revoke access the same day someone leaves the organisation.

Layer 2: Email and collaboration security

Most breaches start with email. Use Microsoft Defender for Office 365, Mimecast, or equivalent filtering to block malicious links and spoofed senders. Train staff to verify payment and bank-detail changes by phone — BEC fraud targets South African companies regularly.

Disable legacy authentication protocols (IMAP/POP/SMTP basic auth) once modern apps are in place.

Layer 3: Endpoints and networks

• Deploy managed endpoint protection (EDR) on laptops and servers — consumer antivirus is not enough for business.
• Enable BitLocker or device encryption on portable devices.
• Segment guest Wi-Fi from corporate networks.
• Keep firewalls, routers, and VPN appliances on supported firmware.

POPIA and data responsibility

The Protection of Personal Information Act applies to how you collect, store, and protect personal data. Know where client and employee data lives — email, CRM, file shares, backups — and restrict access accordingly. Document incidents and notify affected parties when required.

Incident response basics

Have a one-page plan: who to call, how to isolate an infected machine, and where backups are stored. FKS Computers provides cyber security assessments, endpoint protection, and incident support for businesses across South Africa.