First actions
Public service resilience
Prioritise systems where disruption affects communities directly or exposes sensitive citizen records.
Identify essential services
List digital dependencies for payments, billing, permits, school administration, clinics and public communications.
Control privileged access
Use named admin accounts, MFA, quarterly access reviews and strict contractor offboarding.
Protect citizen records
Limit exports, monitor shared folders and document POPIA breach assessment responsibilities.
Rehearse incident coordination
Include communications, legal, service owners, procurement, suppliers and Cybersecurity Hub contact paths.
Sample guidance
Operational focus areas
Secure revenue and billing
Review access to billing platforms, payment files and customer records. Monitor unusual exports and privilege changes.
Protect learner information
Separate staff and learner accounts, control cloud sharing and avoid sending IDs or marks in unprotected spreadsheets.
Reduce tender fraud risk
Publish clear official channels, verify supplier changes and warn bidders about fake tender documents and payment requests.
Keep public notices available
Prepare alternate communication routes for outages, defacements or social media account compromise.
Checklist
Service-owner review
- Confirm each critical service has a named business and technical owner.
- Review admin and supplier accounts for billing, HR and citizen-data platforms.
- Check backups include configuration, databases and document repositories.
- Test the incident contact list after hours.
- Verify public messaging templates for cyber incidents and service outages.