By Kevin Shadwell
HAVING been involved as a supplier to all sectors of the Zimbabwean economy, including mining, over the last 35 years, it has been noticed that corruption in all forms, in all sectors and at all levels has increased exponentially, especially in the last 15-20 years. This article looks briefly at why corruption takes hold, who it affects, and how, perhaps, to overcome it.
Corruption takes all forms, from monetary reward to provision of “favours” for family or friends, or even job providing and promotion, however, it all really comes down to bettering one’s financial position. The most common form is suppliers inflating the price of goods/services and paying a “commission” from this to the purchaser. An additional form is also to give a “commission” to the stores and accounts personnel for quick/early processing of payment.
There are several reasons why corruption rears its ugly head varying from personal greed to financial need and opportunistic behaviour. In all cases, and no matter, the reason, both the supplier of goods/services and the purchaser are responsible as there has to be collusion and agreement on how to extract maximum value from any transaction. Whilst those entities or individuals profit from these illicit transactions many other parties are disenfranchised and they primarily consist of the shareholders of the purchasing company, who are invariably paying a lot more for the product/service than they should be, hence this higher cost eats into profits.
This in-turn has a direct effect on the employees of that company since their livelihoods are greatly dependent on the profits of the company. It is also extremely difficult to gain new investment, since investors want a good return on their investment, as they do not want hidden and unwanted leakages of profits.
How do commercial entities like mines, and other large corporates overcome this scourge? There are various actions and policies which can be put into place.
Firstly, have a very strong policy of anti-corruption with heavy penalties for offenders, including prosecution;
Have a strong loss-control department that reports only to the shareholders/board or most senior management;
Have a “tip-off” system or sub-contract an independent “tip-off” agency to allow employees, suppliers, and other parties to make reports on corruption and corrupt deals;
Have lifestyle audits of staff and suppliers;
Continually do price checks on regularly purchased items;
Have supply contracts, including price rulings with reliable and regularly audited suppliers;
Only purchase products/services from authorised manufacturers or distributors;
As far as possible use local suppliers since they are easily traceable and regular visits to them can be made, by loss control;
Continually check your creditors to see who is being paid well and timeously and who is not;
Report corrupt individuals and companies to your industry association; and
Screen new employees very closely and check their references.
In closing, it must be said that this “cancer” will eventually kill its host if not dealt with and removed with precision. Let us all act with integrity as it is this trait that we will be most remembered by.
Shadwell was born, bred and educated in Bulawayo. He is a business owner and shareholder in various supply companies from chemical products through to engineering supplies to all sectors. He has been working in the commercial sector since 1986, mostly sales and marketing, but progressed into senior management/directorship in 1995.
Implementing cyber security basics reduces risk
- WITH remote and hybrid working a new ‘normal’ and cyber crime escalating at a rapid rate, more businesses are at risk than ever before.
Recent rapid digital transformation and reliance on cloud-based solutions has made businesses — in Africa as in the rest of the world — more vulnerable to cybercrime. In today’s global village getting hacked or being the victim of cybercrime inevitable.
The shift to hybrid working (https://bit.ly/3uEoVwZ) has expanded network perimeters, which now include the core office location as well as employees’ homes.
Mobile and remote work can be beneficial to productivity but does open up new threat vectors with device management. The enormous growth in the use of connected devices — such as laptops, printers and phones — results in more entry points for possible attacks.
At the same time, cyber crime is evolving and becoming increasingly sophisticated. It has shifted from trying to infect as many devices as possible to looking for weak links, which can enable criminals to steal data or hold corporate systems to ransom.
A mistake or omission by a single employee — or even a third-party provider — can potentially bring down a whole company.
When employees work remotely — at home or in public spaces — they operate outside of the company’s usual controls; existing security measures may no longer be applicable or effective.
The risk is universal; even large, well-resourced companies have failed at times, often against basic attacks.
Typical attacks vectors include malware, ransomware, and identity theft and email phishing, possibly the most prevalent approach in Africa. Messaging apps like WhatsApp have also been used to compromise victims.
The financial impact of cybercrime can be enormous; the European-based Pathé cinema chain lost over US$21 million to a Business Email Compromise (BEC) scam and in the US, CNA Financial paid out US$40 million in ransom in 2020.
Such costs can be crippling, particularly for small and medium enterprises (SMEs) that may not have the financial resources to recover. The ‘infosec poverty line’ is a reality — many small businesses, the backbone of most African economies, simply cannot afford to employ dedicated IT professionals and the massive increase in the cost of cybersecurity and cyber insurance puts them out of reach for many.
While you are never able to completely eradicate risk, there are simple steps to take that can build the cyber-resilience of almost every business. Work with your reality — whilst IS issues are global, they manifest differently in different areas; there is not a one-size-fits-all solution.
Focus on the basics, develop a plan and lead for success. Do not attempt to force people to do as they are told; adjust the message dynamically to fit the actual situation. The priority is to lead in a way that keeps your business and your customers safe.
The first step is to check the internal and external IT perimeter for gaps. A single-entry point can allow an attacker in, rather like an open window is an invitation to an opportunist thief. In today’s fully connected workplace, every device is a potential entry point for criminals. Everyone’s security and every piece of equipment need to be on par.
You may have a partner who can assist — at Canon we offer our partners comprehensive assessments to help mitigate security vulnerabilities. Look for third-party service providers with built-in security and a good track record, you may have already paid for security services through your email and internet provider; check what you already have and plan from there. Working at scale allows them to incorporate many security features a much more reasonable cost.
Most importantly, ensure your employees turn on security features in the software and devices they use. Multi-factor authentication is offered on almost all social platforms, is usually free and is one of the easiest ways to give your security a dramatic boost.
Ultimately, people are both your strongest and weakest link. It only takes one errant click on a phishing mail to open the company to risk. Educate employees on basic cyber hygiene and encourage them to come forward and share mistakes. If an error is out in the open, it can be fixed. Your defence strategy is only effective if breaches are reported. Develop processes and systems that protect against loss if one person’s email is compromised.
You do not need to be the most secure business; you just need to be more secure than your neighbours. Most criminals are opportunists, looking to attack easy targets. It is not about spending; some companies invest heavily in IS but have not turned on email multi-factor authentication.
By taking control of your information and network and educating all your employees, you can keep one step ahead of cyber-criminals and continue to serve your customers with confidence.
- Quentyn Taylor
- Director of Information Security at Canon Europe, Middle East and Africa (www.Canon-Europe.com).