[Column] Cynthia Wandia: SACCOs should invest in securing their management systems
Every Savings and Credit Cooperative (SACCO) that has digitized its operations can attest to the efficiency that comes with such a move. Digitization helps to enhance productivity in SACCOs and improves service delivery to members. Today even small SACCOs with few members operate on digital platforms and enjoy the benefits of various digital solutions available to SACCOs.
Despite the obvious benefits of digitization, the security of SACCO management systems has been a key consideration for SACCOs seeking to procure core banking or mobile banking. With the imminent threat of cyber-attacks, safeguarding member’s data and investments is paramount.
A report by Cyber Security Consulting Firm Serianu has revealed an increase in cybersecurity budgets for SACCOs in Kenya over the last three years. The report attributes this to digitization and adoption of new technology, increased awareness on cybersecurity and the frequency of cyber-attacks targeting SACCOs.
How then can we access the security of a system? Firstly, it is important to remember that security risk assessment is not a one-time project, rather it is a continuous process. Regular audits provide SACCOs with the current status of their management solutions detailing threats and vulnerabilities of the system.
A good system should also provide audit trails; it is important that your SACCO management system documents every interaction or action with the SACCO. This needs to be recorded along with its details so as to help track system activities. It also helps in information retrieval during system audits.
Secure messaging also defines the quality of a system. SACCOs must invest in systems that have secure messaging as a safe means of communication between the SACCO and its members. A secure messaging platform could mean a dedicated intercom solution that enables SACCOs to communicate to their members This helps to protect members against phishing attacks and other scams.
System authentication is also a key quality of a good SACCO management solution. The system should have methods of verifying the identities of the SACCO members. This aids especially during banking transactions. Methods of authentications include security questions, use of One Time Passwords (OTP) biometric identifications etc.
Secure SACCO solutions are also designed to allow limited login attempts. This is a way of preventing unauthorized access to the system by trying a variety of password combinations. Limited login attempts reduce the risk of a brute-force attack by locking users out after a small number of incorrect password entries.
Securing your system is critical. SACCO members need to be constantly assured that their SACCO safeguards their data and investments. With these ideas, we hope you find your way to digitize in a secure way.