In a strategic meeting held recently in Nairobi, NCBA Bank brought together leaders from savings and credit co-operatives (SACCOs) across the country to discuss the vital need of embracing cyber security in their businesses. With SACCOs playing an increasingly significant role in the socio-economic development of Kenya, the discussions focused on how these institutions can protect themselves from the growing threats posed by cybercrime, while at the same time digitalizing in a bid to enhance service delivery and product development.
The lender made it clear that while the future of financial access lies in digital platforms, there are new risks that come with this transformation. The bank stressed that SACCOs must take cyber security seriously to ensure the safety of their members’ data and maintain trust.
To start with, Saccos need to focus on cyber security and data protection. This is by developing comprehensive cyber security strategies to protect their systems and members’ data. One key recommendation was for SACCOs to implement data protection policies that comply with local and international standards. NCBA suggested that SACCOs should have dedicated cyber security teams in place to monitor, identify, and respond to potential threats. By investing in the latest cyber security tools, these teams can improve the overall resilience of SACCOs in the face of rising cybercrime.
The lender also called for increased awareness among SACCO members and staff. To that end, it proposed the development of nationwide awareness campaigns aimed at ensuring that members are informed about the importance of cyber security and how they can protect themselves from potential fraud and data breaches.
The bank introduced the Sacco leaders to the CIA framework of cyber security- confidentiality, integrity, and availability. This model ensures that data is protected from unauthorized access (confidentiality), only authorized users can modify information (integrity), and systems are operational and accessible when needed (availability). SACCOs were advised to apply these principles in all aspects of their operations.
Government’s role
Secondly, NCBA emphasized that the government of Kenya has a crucial role to play in the growth and overall success of SACCOs. To that end, it applauded the government for its ongoing support in the digital transformation of financial services, which has allowed SACCOs to modernize and expand their reach to underserved communities. This support has been vital in ensuring that SACCOs can offer a wider range of savings and credit products like mobile banking and online loan applications.
To start with, the government has put in place regulations that ensure SACCOs operate within a safe and secure framework, particularly through the Sacco Societies Regulatory Authority (SASRA), which oversees compliance. This regulatory oversight ensures SACCOs are held to the highest standards and that their members’ savings are protected. The government’s support for the private sector, including SACCOs, is essential in creating an environment that fosters growth. By enhancing regulatory frameworks, promoting financial literacy, and offering targeted funding initiatives, the government helps SACCOs expand their reach and impact.
Risk management and financial responsibility
NCBA highlighted that SACCOs need to adopt robust risk management strategies. These strategies should not only focus on cyber threats but also on financial risks that impact SACCO members and their families. It was noted that financial access challenges – for instance being listed on the credit reference bureau – affect almost 80% of Kenyans. SACCOs must take a proactive role in helping members repair their credit and rebuild their financial stability. NCBA advised SACCOs to go beyond just offering credit by educating their members’ to be financially literate.
White hat versus black hat hackers
A crucial part of the discussion centered around hacking and how SACCOs can protect themselves from malicious cyber-attacks. NCBA staff members, Godfrey Machio ( data protection specialist), George Ochola ( head of information security), and Kevin Saitoti(data privacy practitioner), pointed out that not all hacking is harmful. They pointed out that white hat hackers ( or ethical hackers) can help organizations identify and fix vulnerabilities in their systems before malicious hackers, known as black hat hackers, exploit them.
SACCOs were encouraged to collaborate with companies specializing in cyber security and ethical hacking. By working with white hat hackers, SACCOs can proactively secure their digital platforms and prevent attacks that could harm their members. The experts emphasized the importance of continuous cyber security assessments and adopting a proactive stance in dealing with cyber threats.
Cyber security strategy for SACCOs
NCBA presented a four-step strategy for SACCOs to manage and mitigate cyber security risks – identify, protect , detect and respond. SACCOs should begin by identifying all critical processes, assets, and data that require protection. This includes not only financial data but also member information and transaction histories. Once identified, appropriate safeguards must be implemented to ensure that these assets are secure. This involves upgrading security systems, encrypting sensitive data, and limiting access to authorized personnel only. Third, Saccos should put mechanisms in place to detect cyber security threats in real-time. This can include monitoring software and regular system audits to identify potential weaknesses. Finally , in the event of a cyber-attack, SACCOs should have a clear response plan in place to contain the incident and minimize its impact. This includes having a dedicated team of cyber security experts who can act swiftly to protect the organization and its members.
The road ahead
NCBA’s message to SACCOs was clear: cyber security is no longer an option but a necessity. As SACCOs continue to digitilize their products and services, besides expanding their reach, they must prioritize the protection of their systems and their members’ data. With the support of the government and strategic partnerships, SACCOs have the potential to significantly contribute to the growth of the Kenyan economy, but only if they take proactive measures to safeguard against cyber threats. In the same vein, by working together with ethical hackers, cyber security experts, and the government, SACCOs can ensure that their digital transformations are successful and that their members remain protected in the rapidly evolving financial landscape.