The Department of Public Service and Administration (DPSA) is conducting a cybersecurity awareness campaign to improve the public service's resilience against cyber threats and to educate public servants about online safety as part of its 2025-2030 strategic plan, which emphasises building a capable, ethical and developmental state. This initiative aims at making cybersecurity a shared responsibility within the public service and ensure the protection of government information and systems.

According to the National Cybersecurity Framework of South Africa, “The numerous cyber-attacks launched in recent years aimed at undermining the functioning of public and private sector information systems have placed the abuse of cyberspace high on the list of international and local security threats. Given the seriousness of cyber threats, it is therefore imperative that the use of Information Communications Technology solutions be supported by a high level of security measures and a sophisticated cybersecurity culture.

Ms Tsakani Dumezulu, Director for the Government Information Technology Office (GITO) Directorate at the DBE, explained that the benefits of cyber security are to protect networks and data from unauthorised access and to ensure improved information security and business continuity management. This also results in the speedy recovery of a breach. Strong passwords are long, random, unique and include all four-character types (uppercase, lowercase, numbers and symbols). Password managers are a powerful tool to help create strong passwords for accounts; however, you need more than a password to protect online accounts, especially email, social media and financial accounts and enabling Multifactor Authentication (MFA) extra security by confirming identities when logging into accounts, like entering a code texted to a phone or one generated by an authenticator app. MFA significantly increases online security even if passwords become compromised, unauthorised users will be unable to meet the second step requirement and will not be able to access accounts. Ensuring software is up to date is the best way to ensure you have the latest security patches and updates on your devices. Regularly check for updates if automatic updates are not available.

The DBE’s GITO Directorate is currently conducting cybersecurity awareness. The following tips on cybersecurity awareness could prove useful:

• Do not click on direct links in emails and text messages or those that are requesting sensitive information. It is always best to go directly to the source.
• Do not overshare on social media platforms as the details can provide hackers with your location, ammunition to craft spear phishing attacks and answers to security questions. Think before you share.
• Do not go “out of bounds” for communication, for example, if you are buying something on eBay and the other party wants to negotiate via email instead of the bidding system.
• Never reuse passwords between any website or services.
• Always be sceptical of any unexpected invoice or request to receive or pay for anything by using gift cards.
• Never answer authentication recovery questions with real answers. Unfortunately, that means that you will have to write down each question for each website that requires them, but you will be far less likely to have your account hijacked.
• It is fine to speak to (confirm with) an email sender’s request to transfer money into your account, even if it is your manager – better be safe than sorry.
• Know who to report any suspicious emails to in your technical team. Do not delete the email, just report it.
• Invest in a password management tool; it is challenging to remember all your passwords; and
• Be vigilant with suspicious SMS messages; your bank will never ask you to access your account via SMS.

Do not get hooked by phishing scams. Think before you click and report suspicious emails. When in doubt, delete! Information security is everybody’s responsibility.