By CPA Mustapha Bernabas Mugisa, Mr. Strategy
Director at the Institute of Forensics and ICT Security (www.forensicsinstitute.org)
He posted a WhatsApp message to a lady friend: “Here is the company’s payroll. Treat as confidential. Love you!”
The lady immediately forwarded to another friend. “These guys are ripping us off. Ugx 50m net for one person monthly. We went to the wrong schools. The payroll attached may make you dizzy, read while seated. Xoxo."
Within a month, the payroll, one of the documents classified as “confidential” was a subject of an article in an online publication. All payroll details were now available in the public domain.
The discontent that story spread through this organization started a snowball of resignations that they are still trying to recover from. It created an even wider gap between top management and the lower ranks.
And that organization has learnt the value of cyber security.
Although cyber-crimes come in many forms and schemes, all attack vectors are based on one idea: accessing and abusing organizational data.
For that reason, cybersecurity objectives focus on three things summarized as CIA – Confidentiality (no disclosure of confidential