The IT landscape in South Africa is facing some of its biggest shifts yet, and businesses must be ready to adapt accordingly. Adjusting to technological advancement will certainly bring new challenges in the form of security and compliance, but agile businesses that are ready to make the necessary changes will benefit greatly from this fast-changing dynamic.

This is according to Terence Govender, Director of Mazars’ newly established IT Advisory division, who says that, in addition to the expected implementation of the Protection of Personal Information (POPI) Act, the recent changes in South Africa’s economic landscape should alter the way companies now view and use their IT systems – including applications, connectivity and migration to the Cloud. In an economy hard-hit by the COVID-19 national lockdown, technology has been essential in enabling remote working in the digital enterprise.

“POPI is likely to come into effect in this year, which will expose businesses to significant regulatory pressure and possible fines in the event of cyber breaches. In addition to this, the national lockdown has forced many companies to put temporary measures in place to allow their employees remote access to their servers while working from home. Businesses need to start implementing more permanent solutions to sure-up the security of their systems, while still allowing a substantial part of their workforce to work from home. The corporate network has now extended to the home. I think it’s clear that remote working will be needed for a while still, and may continue to be the new normal, where bricks and mortar and large offices are no longer required,” says Govender.

The number of cyber assessments for businesses are also starting to increase now. The risks related to potential cyber breaches have grown exponentially for businesses over the last ten years. “Mazars recently analysed the risks related to cyber breaches in the financial services industry, looking beyond just the obvious risks. We found that the fallout from such an incident has the potential to devastate even large corporates that some may think should surely be able to withstand such a breach.

“To start, companies can already be held liable for the safety of their clients’ personal information and any breach could easily result in a lawsuit. Once POPI is enacted, businesses will also face fines of up to R10 million. Then there is also the company’s reputation, which is one of the most fundamental strategic risks to any company. With social media and the reach of online news being what it is today, companies could see large portions of their customer base disconnecting from their service following a cyber-incident.”

With that said, Govender also notes that the ways in which the extended lockdown has changed the economic landscape, may in fact hold several benefits for the private sector. “Most businesses were forced to expedite their existing digitisation plans and have now seen that they can continue to operate effectively with a substantial part of their workforce operating off-site. I predict around 60% of businesses will continue to allow their employees to work-from-home after lockdown. The cost-saving implications of this are extensive in the long-run.”

The trend for more and more businesses to move their data systems to secure cloud servers – which is significantly more cost-efficient and in many cases safer than storing information on-site – is one that is here to stay.

“Business owners are likely to start asking themselves whether they really need as much (expensive) office space and equipment as they have in the past. I think there will be a fair number of companies moving to smaller and more cost-effective office spaces, once they realise how much of their workforce can successfully operate remotely.”

“For businesses thinking about allowing their employees to work from home more permanently, it is vital to understand that their corporate network now extends far beyond the confines of an office building. This is where the blind spots in an organisation’s cyber security are most likely to exist, so it is paramount to ensure that cyber policies and risk management are not only applied to the office, but also to each employee’s personal networks and devices. Now is the time to engage with a service provider that can conduct in-depth audits of one’s IT networks and highlight any possible risks before it is too late,” Govender concludes.