Search results: phishing

Phishing & Email Scams Gain Momentum in South Africa

5 Nov

One would think that will all the awareness campaigns around phishing and email scams, South Africa’s risk profile would be on the decline. As it turns out, it’s not. Email scams and phishing scams are always on the rise and, right now, unsuspecting South African citizens are being scammed. Whether it’s due to ignorance or carelessness, thousands of rand are being delivered into the hands of criminals via online scams.

What can you do to protect yourself?

Being aware of the latest scams and ensuring that you behave safely online are the first steps to take.  Let’s take a look at the latest…

Ministry of Finance Scam

The Minister of Finance recently warned South Africans to be aware of a scam doing the rounds in the first week of October 2019.  The scam involves an email that is sent to thousands of South Africans claiming to be from the Ministry of Finance. The email advised the recipient that there are millions of rand that need to be claimed from the South African Reserve Bank and that the recipient of the email is indeed one of the citizens entitled to do so. To start the claims process, the individual will need to send through their particulars, including:

  • Full name
  • Date of birth
  • Occupation (place of employment)
  • Cell phone number

The intention of this fake email is to gather the personal information of the recipient.

The Minister of Finance has spoken out against the scam and asked South African’s to ignore emails of this kind from the Ministry. It’s important to note that the Ministry of Finance will never request personal information via email.

Department of Labour Scam

Another scam that’s taken the South African community by surprise is one targeted at the Department of Labour and aims to take advantage of the desperation of some citizens.

The scam, which is social media-based, involves a fake social media page complete with Department of Labour branding. The page features an announcement that claims certain citizens, who have worked in the country between 1990 and 2019, have the right to claim/withdraw R30 000 from the Ministry of Labour. To do so, individuals must check if their name appears on a list of entitled individuals. The next step would naturally be to provide the “Department” with all their particulars, including banking details so that the claim could be paid out. Once again, a fake email is being used to gather personal information.

The Department of Labour has spoken out against this scam and informed the public that there is no such benefit in place.

Are the Criminals Winning?

Does the steady increase in phishing and email scams in the country, and the world, mean that there are no wins from the cybersecurity community? No, it doesn’t. In fact, that is where the good news comes in. Just recently, the Department of Justice in the United States made a massive breakthrough in Cyber Crime, where 281 email scammers were arrested in a major global sweep.

While South Africa didn’t appear on the list of criminals, South African citizens have undoubtedly been the target of many of these arrested criminals. The Department of Justice seized a whopping 3.7 million dollars during the operation while arresting people from the following countries:

  • Nigeria (167 arrests)
  • United States (74 arrests)
  • Turkey (18 arrests)
  • Ghana (15 arrests)
  • The last seven criminals were located in France, Italy, Kenya, Malaysia and Japan.

As you can see, West Africa is in the lead by leaps and bounds.

Protect Your Own Best Interests

While it might not be possible to shut down every scammer in Africa or the rest of the world, there is a way to minimise their impact. And that is through awareness. Tech users need to become savvy to the prospect of scams and be aware and alert at all times when receiving emails and other forms of communication from people and enterprises they do not know.

If something seems a bit fishy, it is best not to respond, or completely shut down communications. Also, keep in mind that any email requesting personal information over the internet is not considered safe and secure – rather avoid it. If you wish to confirm that it is, in fact, the authorised company or person making contact with you, call the company in question and speak directly to an official representative.

Security First Then Business

3 Sep

2020 was, without doubt, the year that businesses across the globe went ‘remote’. Call it the fall out of the Covid-19 crises or the fact that more business organisations are embracing the 4IR (fourth industrial revolution) – one thing is for sure; more people are working from home. There are perks to this approach such as money saved on rental, more hours of productivity, no more daily commuting, but there’s one very big downside; the security risk.

With increased remote working, new technology is being introduced to the business and this means that new threats are a high possibility. When an employee is working from home and using their own network and device to access business systems and data, chances are that your business could end up hacked or sensitive data leaked, lost, or damaged/destroyed.

Adopting the Right Security Mind Set

Along with a new way of working this year, people seem to have adopted an “it won’t happen to me” mindset, which can be counterintuitive. A business with such a mindset is a business that’s opening itself up to possible devastation. Cybersecurity isn’t just something for “other people” to pay attention to. Every business from the smallest to the largest needs to take just as much care and have just as much vigilance when it comes to cyber-security.

In South Africa, it appears that business owners believe that cyber-attacks are a problem for the international business landscape, when in fact, the statistics tell us a different story. In a countrywide survey carried out by Sophos at the beginning of 2020, it was uncovered that 24% of business respondents were in fact hit with a ransomware attack that impacted their business significantly. Even more surprising is that 27% of those businesses affected admitted that they did, in fact, pay the requested ransom.

Business owners can stand to gain from adopting a “security first then business” attitude when it comes to using new technology and allowing employees to work from home. One of the first steps you should take is to implement precise security measures that safeguard against the new business operations bringing the organisation to its knees.

What to Do – Security First Then Business

Industry professionals will tell you that there are several measures business owners can take to safeguard their businesses. These include changing passwords regularly, limiting access of employees to business systems, disallowing the use of personal devices to access company networks or store sensitive business data and so on.

There’s more that you can do to protect your data and business interests though. For starters, transitioning to a cloud-based system could streamline business processes as well as offer an added level of security. Data stored in the cloud should be encrypted and regular automated backups should ensure that in the event of being hacked, there’s no need to pay a ransom as there’s a safe and secure copy stored in the cloud.

When to Take Action

There’s no point in waiting to be the victim of a phishing or ransomware attack before you start taking precautions or implement security systems. Instead, take the notion of prevention being better than cure and ensure that you get your business cyber-security systems up to standard today.

For assistance with encrypted cloud backups and further advice on securing your business, get in touch with us at Soteria Cloud today.

A ‘Security Incident’ or hack attack? What the Twit, Twitter!

11 Aug

Already facing a potential Federal Trade Commission fine of $250 million after admitting to improper usage of users’ personal information in 2019, Twitter is in privacy hell! Whether or not you are an avid Twitter user, you will probably have heard that the company also suffered a recent hack attack which they classified as a security incident. According to inside reports, the attack included some high profile users such as Bill Gates and Elon Musk. What the twit, right!

Okay, hold on, let’s start at the beginning. What happened?

On the 15th of July 2020, a social attack was engineered and carried out on Twitter. According to the company, 130 Twitter accounts were attacked. The hackers used 45 of those accounts to spread Tweet posts and gained access to the inboxes of 36 others. Data was downloaded by the attackers from 7 accounts successfully.

More About the Attack

So how did the hackers ever gain access to the accounts of 130 unsuspecting users in the first place.? The answer is actually rather ambiguous as it’s both simple and complex at the same time.

Twitter has gone to great lengths to investigate what they initially referred to as “a security incident” and have found that it is the result of a small group of their employees being targeted through a phone spear-phishing attack.

What is a phone spear-phishing attack?

Quite simply, fraudsters send emails from a known or trusted sender in order to get the target to reveal confidential information. This method works more often than not as the target believes they are talking to their trusted contact, when in fact, they are not.

In order for the attackers to be successful, they needed to obtain access to the internal network where they could gather the credentials of specific employees with access to internal support permissions. To some degree, they succeeded.

Their hack, however, required a two-step approach as none of the targeted employees had all the necessary permissions that were needed by the hackers. Using the credentials of some of the employees with the right access, they were able to target 130 Twitter accounts; tweeting from 45, downloading the Twitter data of 7 and direct messaging of 36 users.

What is the Risk to You?

For the most part, the hackers were unable to access the private info in the majority of the hacked accounts (save 7 that is). Twitter confirmed the following:

  • The hackers could view user’s email addresses and cell phone numbers.
  • Hackers were unable to view previous account passwords.
  • The company is still investigating how much information the hackers gained access to from accounts that they were able to take over.

The investigation is still underway and Twitter says it will do everything it can to ensure that a similar attack doesn’t happen in the future.

Steps You Can Take

Just to be safe, you should change your Twitter password and take the time to suss out your profile for any unusual activity. Make sure that you never click on email links or attachments, even if it seems to come from a trusted source. Check with the source first as to whether or not they messaged you and why.

At Soteria Cloud, we have a tendency to repeat ourselves – with good reason. We can’t tell you often enough how important it is to change your passwords regularly and that you should be storing sensitive information in an encrypted format in the cloud.

If the Twitter hack gave you a bit of a scare (or wakeup call), perhaps now is the time to start looking into ramping up your cloud backups and device security.

Top 5 Cybercrime Trends during the COVID-19 Era

17 Jun

When Coronavirus stole the limelight and drew the attention of literally every human on earth, it seemed the perfect opportunity for cybercriminals lying in wait to strike. And they have been striking hard ever since!

What Cybercriminals Have Been Doing While You’ve Been Fixated on COVID-19

A flurry of cybercriminal activity has been going on over the last few months and many of them seemed spurred on by the arrival of the virus itself. Let’s take a look at the top cybercrime trends that have recently been noticed.

They’ve enjoyed going phishing!

Unlike those who like to spend the day on a camping chair, with their fishing rod and line in the water, cybercriminals prefer to do another type of ‘phishing’. And it turns out that they are rather good at it. Phishing involves emails that contain legitimate-looking information that prompts you first to open the email and then to respond, usually by requesting your personal particulars or urging you to click on an unsafe link/file in order to fix or resolve some sort of problem. Coronavirus themed phishing emails disguised as health alerts or advice from the WHO have been on the rise.

They’ve enjoyed a bit of harvesting!

Have you ever heard of information harvesting? This requires an information-stealing trojan which is put to work gathering the likes of passwords, user names, banking details crypto currency and e-wallets and more. One particular version of this that you might have heard of is AZORult. This is sent out to people, cleverly disguised as a Coronavirus infection map app. It’s unfortunately designed to steal your information instead!

They’ve enjoyed a few ransom situations!

Ransomware is nothing new, but it’s suddenly on the rise. With more people working from home, they aren’t constantly being reminded of the possible data and security threats that arrive on their screens and inboxes. This makes it easier to encourage the victim to click on an unsafe link, download an unsafe file or click on through to a website that’s packed with booby traps. Once the link has been clicked or the file has been downloaded, the data on the device is encrypted and it can only be reversed if a ransom is paid.

Holding people to ransom in times of a world health crisis really shows you the true nature of a cybercriminal, doesn’t it!

They’ve enjoyed snooping on telecom virtual workers!

With many people still working from home currently, a large portion of the population has become familiar with online meeting systems such as Zoom. What they are perhaps still unaware of is that some of these systems, including Zoom, are not completely secure and a few (make that many) people have had their devices hacked by opportunistic criminals. These criminals then spy on the user and gain the info they need to steal their identity or data. Using a VPN (virtual private network) can help to minimise this risk, but it can’t completely eliminate it – especially if the cybercriminal knows what he/she is doing.

They’ve enjoyed reviving fake pharmacies

Cybercriminals have spent a lot of their time trying to promote shad markets. They have targeted real pharmacies with bots and scrips that turn the website into a site riddled with links and comments that are just as dodgy as the sites they send you to. Out of interest, a user may click on one of these links and is then taken to a fake pharmacy or encouraged to buy fake or harmful medical products.

Protect Yourself & Your Business Devices

During COVID-19 era, it’s not just about protecting yourself physically. You also need to protect your business devices and staff members from the onslaught of cybercriminal activity. Take the first step by backing up your sensitive data online and then start implementing methods to ensure that your remote workers are always taking cyber safety precautions.

Opportunistic criminals ramp up cyber-attacks during challenging times

14 Apr

While the world is paralysed in fear and heavily distracted by COVID-19, cybercriminals seem to have focused their attention on the WHO (World Health Organisation). Responsible for directing international public health within the United Nations, the primary objective of WHO is to ensure that all countries are advised on correct health procedures and are fully up to date on the health risks and threats that encompass the world.

Cybercriminals are seeking out ways to use the COVID-19 threat to mimic WHO and gain access to sensitive information, while taking advantage of panicked citizens the world over.

The Cyber-Attack on World Health Organisation

On the 13th of March 2020, cybersecurity researchers noted that a malicious site was set up mimicking the WHO internal email system. The main objective of this site seemed to be the theft of user names and passwords. Due to the nature of the attack, which seems focused on healthcare and humanitarian organisations, it appears that the hackers don’t have a financial motive in this instance, but rather an intent to gather data and intelligence.

Cybersecurity officials responding to the attack confirm that it was thwarted and suggest that the cyber-attack was possibly linked to nation state officials seeking intelligence. The source of the attacks were neither claimed nor confirmed, but it is clear that the objective was to gather information on tests, vaccines, and cures for the Coronavirus.

There is some suspicion that DarkHotel, a group first detected in 2014, was behind these attacks. The group is known to target corporates and diplomats using luxury hotel Wi-Fi networks.

The WHO Warns of Malware Scam

Since the onset of the COVID-19 pandemic, the WHO has been the target of many scams.

Cybercriminals have sent out a plethora of emails pretending to be WHO officials. These emails warn of the dangers of COVID-19 and request recipients to click on a link or open an attachment. Unfortunately, the communications are scams, an easy way to get concerned readers to unwittingly install HawkEye key-logging malware on their device.

Criminals Ramping Up Scamming Efforts

Cybercrime professionals have noticed that COVID-19 themed websites, in excess of 2 000 per day, are being set up by opportunistic criminals. There has also been an increase in botnet driven emails with malicious intent doing the rounds.

Protect Yourself

Fear surrounding the pandemic is being used to launch phishing and malware attacks the world over. Now more than ever before you need to protect yourself and your data, remain vigilant, and never interact with unsolicited emails received by health officials. If you do receive such an email, make contact with the organisation to confirm legitimacy of the email and communication.

In times of uncertainly, while criminals increase their efforts, it is important for citizens of the world (not just SA) to be vigilant, cautious and careful. Protect your personal data by erring on the side of caution.

Hackers don’t break in; they log in

8 Apr

When we think of hackers, we tend to visualise clever online criminals who use sophisticated software to decode or crack passwords and gain access to accounts. In most instances this just isn’t the case, as many people unwittingly hand their password over to a hacker without even realising it.

Cybersecurity officials are faced with the same reality: passwords are being stolen and advanced hacking tools are not always needed.

How it happens

So, how does a hacker get access to an employee’s user name and passwords?  We take a look at the most usual hacking methods below:

  • Phishing emails

One of the most common ways for a hacker to get a password without using technology is to ask for it. Yep, it sounds awfully easy, but one thing you need to realise is that for an experienced hacker, it is as simple as that.

Phishing scams are the most prominently used form of password acquisition. It requires no software, but rather involves a hacker pretending to be someone trustworthy or an official person. They usually make contact by email or telephone and make a very convincing story.

The email signature may include the company’s correct telephone numbers and website address, tempting people into trusting the communication.

During a one-on-one conversation about the specific account, the “official” (who is actually an opportunistic hacker) will request bits and pieces of information from you such as your username, your card number, your account number, your ID number and so on.

At some point in the communication, you may receive a link to a website where you are required to input your user name and password. Of course, the hacker now has the user name and password and can then use the employee’s account to send out seemingly trustworthy communications, authorise transactions, and carry out various functions on business systems while flying under the radar.

  • Typosquatting

Typosquatting is a form of phishing that was “big” a few years ago. For quite sometime it fell away, but trends show that cybercriminals are revisiting this type of phishing.

The cybercriminal will hijack a company’s domain by registering website URLs that are very similar to the original website address. If you are attentive to detail you might notice spelling errors in the website address before you click on it! However, if you don’t pick this up and visit the website, it will look almost identical to the official website. At this point you will be asked to log into your account by inputting your username and password, which is how your password is received by the hacker.

  • Spear Phishing

Spear phishing is another type of phishing where the hacker creates fake social media pages or online blogs in the name of their persona. The cybercriminal will put in a considerable amount of effort adding mutual friends and populating the pages in order to make the page look more trustworthy and reliable.

This type of phishing is used to give a persona credibility which then makes it easier for the criminal to communicate with victims and deceive them into sharing personal information.

The Reality

The reality is that sophisticated hackers don’t actually need sophisticated software to get your user name and password. Most often, they rely on clever trickery to get you to unwittingly hand over your password.

In essence, a hacker merely needs to have basic web design skills (to create website log in pages), social media skills (to create credible SM pages), and an educated and well-spoken approach to communicating either online or telephonically.

What Can You Do?

Doing regular data backups to a cloud based service that offers data encryption will keep your sensitive information safe, especially if your device or system is hacked and your data is breached. You should also be aware of:

  • Any emails requesting that you change your user name and password by clicking on a link. In this instance close the email, look up the official contact details of the company (do not use the details listed in the email) and make a personal enquiry into the legitimacy of the email.
  • Link attachments in emails, even if the source seems legitimate. Unsolicited emails might not raise a red flag in your mind, but they should.

Ensure that:

  • You have up to date anti-virus software and firewalls in place to flag suspicious behaviour on the device.
  • You update your software and systems regularly to ensure that any bugs and vulnerabilities are consistently updated and eliminated.

Take responsibility for the safety of your data and take action

Educate your staff members on the risks of cyberattachs, phishing and hackers, and always have an alert and aware approach.

Need more advice and solutions to data safety concerns? Contact Soteria Cloud today.

Cyber-attack threats – the risk of not knowing what you don’t know

24 Mar

The KnowBe4 African Report on cyber-attacks in African countries such as South Africa, Kenya, Ghana, Morocco and more really does uncover some interesting statistics. The survey, which was carried out in 2019, tells us the following:

  • The majority of people in the country are worried about cybercrime;
  • A quarter of the respondents had no idea what ransomware is;
  • Over 50% of respondents didn’t know what multi-factor authentication is;
  • 57% of South Africans understand the risk of cybercrime but will still willingly provide their personal information if they think they know what it is being used for;
  • Most people feel that they would be able to detect a scam if faced by one, yet 50% of South African respondents reported having a PC infection or falling victim to a scam;
  • South Africans misunderstand what ransomware is, thinking that a virus that encrypts files and requires a ransom to decrypt them is called a “Trojan virus”;

Just these few findings paint a very bleak picture for the future of cybercrime in South Africa. Well, for the cybercriminals targeting South Africans it’s good news. For South Africa in general, it is quite the opposite.

The Most Valuable Finding from the KnowBe4 African Report

The report uncovered some valuable information for the surveying company and the respondents. It came out that email security is the biggest cyber-attack threat, mostly because users of email aren’t familiar with risks or don’t recognise them when they arrive in the inbox. There’s a lack of understanding surrounding malware, ransomware, phishing emails, and what the actual risk of sharing personal information is.

Cybercrime is particularly lucrative for cybercriminals as a result of the natural impulsive behaviour of individuals who will click on links and open attachments without first checking the source. Especially if they think they know the sender of the email. Something that most email users don’t know is that Cybercriminals can hack contact lists and send emails that appear to be from someone else.

The Misconception

A few years ago, a phishing email was usually easy to detect by its poorly written content and bad spelling. There are some that still believe that this is the format of a phishing email when in reality, cybercriminals have upped their game. Nowadays, it is extremely difficult to tell a phishing email apart from a legitimate email.

The Real Problem

The real problem is undeniable…human error.

Humans are not always fully aware of the impact of cybercrime on a business, a person, and finances. As humans, we tend to only realise the seriousness of the situation once we have fallen prey to it. And even then, we forget all too quickly. In business environments, employees seem to be far more careless with emails and attachments than they would be with their own private mail or their own business.

One of the biggest mistakes that people make is using free Wi-Fi hotspots for sensitive online activities. If you are going to do online banking or enter your email and social media passwords online, it’s best to do that at home or while using your mobile service provider’s data network. The moment you carry out these activities while using a free Wi-Fi hotspot, you put yourself and all the data on your device at risk. Cybercriminals are quite well known to use public Wi-Fi hotspots to trick users into connecting to their network which of course, ends up being malicious.

What is the Solution?

It is essential to ensure that all sensitive data is stored in the cloud rather than on a vulnerable device or storage disc. You should also ensure that all of your staff receive cybersecurity awareness training. This might sound like a huge cost and a waste of productive time, but it’s not. The more you talk about the importance of keeping your data secure, about acting responsibly with business devices, and being aware of possible risks and threats, the more you are preparing your workforce for possible attacks. You stand more chance of a big data breach problem being thwarted instead of spurring it on with naivety.

Last Word

While most people scroll through their inbox several times a day, few take the time to consider that an opportunistic criminal might be trying to con them. An attitude of awareness and cautiousness is essential in today’s cybercrime-rife environment.

Had a recent email cybercrime-related incident? Tell us about it!

Ransomware on the Rise in 2020 – Reduce the Risk

3 Mar

It’s really no surprise that ransomware is on the rise! Although, one would think that in 2020, with all the security measures available to thwart off the efforts of opportunistic cybercriminals, we would be wise to their attacks. The fact of the matter is that security is mostly fine. In most instances, it is human error that leads to a business’s downfall when it comes to ransomware.

How Ransomware Works

Most victims of ransomware seem completely taken aback by the fact that they have become the target of a ransom attack. What they don’t realise is that in most instances a computer is infected when a person visits an infected website, opens an email and clicks on a link, or downloads and opens links from unknown senders.

Emails with infected links and attachments are known as “phishing emails”, and more often than not it’s just a case of carelessness that leads to falling victim to one.

When the link is clicked and the ransomware is installed, it first finds somewhere to hide itself on the device. The virus typically presents as a system file which makes it difficult to remove as it looks like an essential file for the computer’s system.

The ransomware is designed to then seek out backups visible on the computer – such as saved documents and images. It then either encrypts the files and images or simply erases them. When the user tries to access their files, a display is shown demanding that a ransom is paid for the files to be decrypted. These days, the ransom is usually demanded in Bitcoin.

The Danger of Ransomware

Ransomware presents a business with both direct and indirect costs with the expense of replacing systems and installing new defence mechanisms. Further to that, the business runs the risk of losing customers at the time of the attack and might seem to be a security risk in the eyes of prospective customers. You could find yourself losing thousands or even hundreds of thousands of rand when you fall victim to ransomware.

How to Protect Your Business

Being prepared for malware and ransomware is important. In order to prepare your business for such attacks, you need to make sure that your employees are educated on the many risks they face.

They also need to be well aware of how ransomware or malware attacks present themselves. You should have a no-click or no-download policy on links and attachments in emails from unverified sources. You also need to have a process or strategy in place to help you recover from data loss in the event of a successful attack on your business.

While educating your staff members and being prepared for an attack are essential protection methods, there are other things that you can do as well:

  • Always ensure that you have the latest updated version of the systems you are running. These are designed to be able to fight off the latest attacks.
  • Securely backup all your important and sensitive data to a cloud backup service that is encrypted. This will mean that you don’t need to pay the ransom. You can clear the computer, pep up your security and then download your latest backup onto your device again. Easy!
  • Run malware security software on your devices on a regular basis.

Last Word

While ransomware is on the rise in 2020, it doesn’t have to impact on your life or your business too. Make sure that you are prepared for this year’s onslaught of attacks and rest assured that by simply being aware and taking precautions, you are that much safer out there in the online world.

New Devices for a New Year? How to Keep Them Safe from Hackers!

28 Jan

New Year – new devices

With the trend for giving mobile phones, tablets, iPads and other connected IoT (Internet of Things) devices as Christmas presents, many people are starting the year with new gadgets. Others invested in a whole range of new devices just to start the New Year on a fresh note. Regardless of how you got your new devices, do you know how to effectively protect them from hackers?

Let’s clarify one thing…the new device that you have got came with default settings, but those default settings don’t truly offer much in terms of cybersecurity. Sad but true.

If you impetuously took the device from its packaging and connected to the internet without taking into account the risks that you could expose ourself to, you could be wide open to a hack attack, malware, ransomware, and cyber-attack. Doesn’t sound fun, does it?

4 Ways to Protect Your New Device

Below are  tips to help you enjoy your new device without the risk.

  • Choose a strong password

Today’s cybercriminals don’t need to be particularly skilled to guess a password. People tend to choose a weak password like ‘1234’ or the name of their child, or even worse; their birthday. If the password is one that you use on another device or something that someone could guess with a bit of effort, you are off to a bad start. Choose a password that features a selection of numbers and letters and make it completely irrelevant to things in your life such as children, pets, and birthdays and so on.

  • Activate 2-factor authentication

If you haven’t heard of 2-factor authentication yet, now is the time to do a bit of research. 2-factor authentication safeguards against phishing pros guessing your password and then gaining access to your accounts. If they somehow manage to guess the password correctly, the system will send a text message to your mobile that requires a response in order to provide access. If it receives no response, no access is granted.

  • Take advantage of automatic updates

The manufacturer of your smartphone, laptop, computer, IoT device or tablet will periodically send out updates for the device. These updates are not time-wasters as people are prone to believe. Instead, they include necessary security updates that make it difficult or impossible for hackers to breach your security mechanisms. If you don’t update your device, hackers will be able to use known vulnerabilities to access your device’s files.

  • Do a factory reset before giving your device away or selling it

There comes a time in the lifespan of every device when it is just no longer wanted by its owner. This is the time to either pass it on to someone who will appreciate it more than you or sell it. Of course, it’s packed with your data and just deleting files isn’t doing enough to remove your sensitive information and passwords. The first thing you should do when you decide to get rid of a device is to restore it to its factory settings which will completely wipe it clean. You can also do this if you suspect your device has been infected, but you still want to use it – just be sure that you have done a complete backup to the cloud.

Last Word

Of course, if you have a device that stores sensitive information, you should be doing regular data encrypted backups to the cloud. This will ensure that if any of your data is ravaged by ransomware, you have an untainted copy on file. Make sure that 2020 is a year free from cybersecurity threats and the year that you are attentive, alert, and willing to take action to protect your own best interests.

What Exactly are Cybercriminals Looking for?

25 Sep

South Africa is not experiencing Cybercrime for the first time. In fact, the general population and businesses have been hearing about cybercrime – and been adversely affected by it – for many years.

Have you ever wondered if you have what a cyber-criminal is looking for? Are you computing habits and behaviours putting you at risk? To answer this question, you first have to know what cybercriminals are looking for in the first place.

Cybercriminals all have an agenda

There’s no such thing as “winging it” as a cybercriminal. There’s a target, there’s a plan, and then there are weeks (sometimes even months and years) of hard work to achieve their goal. Most companies find it impossible to detect a hack attack before it’s too late.

What the Average Cybercriminal Looks for

Industry professionals imply that cybercriminals are looking for scenarios where their work will be hard to detect. Essentially, cybercriminals are searching for the following:

  • Business plans
  • Innovations
  • Opportunities to connect with partners, investors, shareholders
  • Government links
  • University scientific research

To date, the most reliable method for a Cyber-Criminal to hack these particular types of projects and data is – you guessed it – phishing. It’s a sad reality that people are still unmindful that clicking on a link in an email, or opening an unknown attachment to an email, can put them and their organisation at serious risk.

 

What most Cybercriminals do is send out emails pretending to be a colleague, manager, or interested party! When the email is opened and the files with it; the criminal gains access to the victim’s sensitive information.

How to Protect Yourself & Your Organisation

Protecting yourself and your organisation against potential cybercrime is essential. Below are a few tips:

  • Set a Cybersecurity policy in place that determines how members of the organisation are expected to behave electronically/digitally.
  • Educate all the various teams in your business to ensure that everyone is aware of the risks.
  • Use repetition to continually remind staff and team members of possible risks. You can put up warning posters, send out warning emails, and include it in the weekly agenda at staff meetings.
  • Ensure that you do regular encrypted data backups to a remote server; chat to a consultant at Soteria Cloud about this, at your convenience.
  • Don’t allow personal devices to store sensitive company information.
  • Ensure that you have anti-virus, anti-malware and a firewall installed on all computer systems.

Cyber-crime is no longer something that just affects the rest of the world. It is a problem that is very real in South Africa too. Protect your business, assets, research, and sensitive data with meticulous care.