Information security aspects surrounding SMMEs in Cape Town, South Africa

Abstract

Information security management is a crucial factor for all organisations under the current scenario of business globalisation. Businesses and organisations have availed huge amount of information on their databases, rendering it vulnerable to all types of cyber-attacks in the form of spams and malwares. Organisations, therefore, have to protect their databases to ensure privacy and confidentiality of data. Owing to the information security threats, this study evaluated information security aspects and how they can be included in the information security management framework for SMMEs in Cape Town. Semi-structured questionnaires were administered to 13 professionals in the IT Department of selected SMMEs in the tourism sector of Cape Town. The response rate was high (87%) and the respondent male-to-female ratio was almost equal. Findings from this study reveal that SMMEs are aware of the importance of information security for their businesses. How SMMEs perceive information security management is reflected in how they have established measures to protect their information as well as training and policy reviews that are conducted annually. Despite the theoretical policies that are in place for information security management, most respondents, however, highlighted lack of resources as a hindrance faced by SMMEs to invest in information security. Most SMMEs (92%) have information security policies in place, according to findings from this study, and 91% of the respondents highlighted that the SMMEs have a designated IT department responsible for information security management. In this study, all the respondents managed to describe the various measures that are in place when dealing with customers to protect both the SMMEs and their customers from cyber threats. Most respondents explained how installing anti-viruses on company laptops and computers manages their information security. The findings from this study provide a strong baseline for SMMEs to review their existing operating styles as well as to improve SMME data protection by applying adequate security measures.