SA businesses have a duty of care to protect themselves and clients from phishing


Cybersecurity threats are continuously on the increase, with 96% of phishing attacks delivered by email. A successful phishing attack leaves two victims in its wake: the person who falls for the requests or promises of the perpetrator and the company whose domain has been compromised.

Victim or not, a recent South African court judgement found that a company whose email domain had been compromised was to be held liable for not having a sufficient duty of care in place to warn its clients about potential compromises. While this duty of care is incredibly complex to fulfil, there are other solutions available to businesses who trade in trust to protect themselves and their clients from falling prey to phishing scammers.

“Phishing, spoofing, cloning, and impersonation are deceptive attacks on businesses and their customers, with the perpetrators being just about impossible to trace, identify and prosecute,” says Naeem Gabru, Group Chief Information Officer at Metrofile.

“That is why every South African business should take responsibility for implementing solutions that defend their email domains from attackers while identifying vulnerabilities so that they can be remedied. If every business contributed to building this cyber defence force for their email domains, the clients they interact with on email would be protected” he adds.

IronTree, a Metrofile subsidiary, has partnered with Sendmarc, cybersecurity email protection and compliance experts, to implement its Domain-based Message Authentication, Reporting and Conformance (DMARC) across Metrofile’s email domains. DMARC protection means that a receiving email server rejects non-DMARC compliant email. This protection makes sure that every email that purports to be from a business’s domain is the real thing, and alerts both the domain that has been compromised and the targeted receiver that something is amiss.

“With 16 email domains in our realm, it was clear to us that we needed to take pre-emptive steps to protect everyone that could potentially engage with these email domains across the group of companies,” says Gabru.

“The two-week installation process was seamless and straightforward, with IronTree and our hosting provider working closely to implement this additional control to our email security” he adds. “Domains were then monitored and configured, during which time authorised sending servers were defined. DMARC was then optimised, with full compliance reporting and certification following that process.

“Having the support of IronTree and Sendmarc via a managed service contract means that our in-house teams can focus on their tasks and that they can leave specialised email security issues to the experts while monitoring trends on the Sendmarc dashboard,” he says.

“Our domains are fully compliant with constant monitoring for any non-compliant senders, which are immediately investigated and remediated,” Gabru says. “That means that our email domains, customers, suppliers, and employees that interact with us are protected from email impersonation-related cybercrime. 

Brandstories Disclaimer:

Brandstories is not liable for the contents of the information published on this platform. The information which subscribers publish on this website is for general information purposes only and Brandstories facilitates the ability for viewers and subscribers to access this platform. Subscribers who publish their content on Brandstories are held responsible for their own content. This includes ensuring that it is factually accurate, grammatically correct, free of spelling errors, and does not contain unsavoury content that could result in legal action. In the case of linguistic translations, the onus is on the client to ensure that the translation is accurate. In no event does Brandstories make representations or warranties of any kind, expressed or implied about the completeness, accuracy, reliability, suitability or availability with respect to the information supplied and published. This website includes links to other websites, including third party websites. Brandstories does not recommend, endorse or support any views that are held by subscribers publishing information, and within these links provided. Furthermore, Brandstories does not have control over the nature, contents and availability of information contained on these sites. Any form of reliance readers and consumers may place on information published on Brandstories is strictly at their own risk. Brandstories makes every effort to ensure that the website is up and running smoothly at all times, however Brandstories does not take responsibility for, and will not be held liable for times when the website is temporarily unavailable due to technical glitches that are beyond our control.

Established for 20 years, the MediaWeb Group has built a reputation for the highest quality of digital storytelling and content distribution, specifically for industry-leading brands. This has been achieved by a two-decade journey of selecting an extensive network of senior writers, journalists, producers and videographers who create world-class content for distribution across media channels.