BYOD Hybrid environment | Cybersecurity

Creating a smarter Bring Your Own Device Hybrid environment

Bring Your Own Device (BYOD) in our modern-day hybrid environment has become a common workplace policy around the world.

Many employees now working from home and the office choose to use the latest tablets and laptops without the limitations of a company-issued device.

A BYOD culture also reduces technology costs, enabling employees to work on devices that they are already comfortable with, whilst the cloud makes it easy to access data from anywhere. However, the flexibility that this policy brings also creates the potential for cyberattacks.

If it leaves the office, it’s a risk

Devices that are taken home and used for personal tasks can significantly increase the chances of a data leak or breach, simply because we use them to communicate with people outside of the sphere of work.

To effectively manage a Bring Your Own Device policy it’s essential to identify the risks involved and secure every device used for productivity purposes in your business – no matter where it happens to be or who owns it.

Your IT network doesn’t end at the front door anymore

One of the biggest challenges in managing a BYOD policy is device security – especially if your business has moved to a hybrid working model.

Tablets and laptops scattered across the city, the country, or possibly even the world are processing proprietary data that belongs to your company.

More devices and more locations equal more risk from a cybersecurity point of view. As a security-conscious business owner, you’ll need to follow these systematic steps to secure your devices:

  • Do a device audit. Every employee should provide the company with the make, model, and serial number of the device they use at work and update the IT manager if they change devices.
  • Install data security software. Any device used to connect to your company network or shared storage needs to have a firewall, antivirus, and enhanced data security software up and running.
  • Use two-factor authentication. Devices should be set up for two-factor logins to your network via email or biometrics.
  • Train and educate device users thoroughly. Key to a secure BYOD environment is a set of policies for the end-users, your staff. Your team should be constantly aware of cyberthreats – including social engineering attacks – and take measures to avoid data leaks and breaches.

By blending the flexibility of BYOD with a careful approach to cybersecurity, you’ll have fewer worries when your team accesses company data on the move.

Keep decentralised data safe in the cloud

With BYOD in a hybrid environment, an affordable and secure online cloud backup programme is essential. Soteria Cloud is proud to offer businesses a range of secure cloud storage packages featuring fully encrypted backup. To ensure that your data is safe in the cloud, browse our website today.

Cyber-attack threats – the risk of not knowing what you don’t know

The KnowBe4 African Report on cyber-attacks in African countries such as South Africa, Kenya, Ghana, Morocco and more really does uncover some interesting statistics. The survey, which was carried out in 2019, tells us the following:

  • The majority of people in the country are worried about cybercrime;
  • A quarter of the respondents had no idea what ransomware is;
  • Over 50% of respondents didn’t know what multi-factor authentication is;
  • 57% of South Africans understand the risk of cybercrime but will still willingly provide their personal information if they think they know what it is being used for;
  • Most people feel that they would be able to detect a scam if faced by one, yet 50% of South African respondents reported having a PC infection or falling victim to a scam;
  • South Africans misunderstand what ransomware is, thinking that a virus that encrypts files and requires a ransom to decrypt them is called a “Trojan virus”.

Just these few findings paint a very bleak picture for the future of cybercrime in South Africa. Well, for the cybercriminals targeting South Africans it’s good news. For South Africa in general, it is quite the opposite.

The Most Valuable Finding from the KnowBe4 African Report

The report uncovered some valuable information for the surveying company and the respondents. It came out that email security is the biggest cyber-attack threat, mostly because users of email aren’t familiar with risks or don’t recognise them when they arrive in the inbox. There’s a lack of understanding surrounding malware, ransomware, phishing emails, and what the actual risk of sharing personal information is.

Cybercrime is particularly lucrative for cybercriminals because of the naturally impulsive behaviour of individuals who click on links and open attachments without first checking the source, especially if they think they know the sender of the email. Something that most email users don’t know is that cybercriminals can hack contact lists and send emails that appear to be from someone else.

The Misconception

A few years ago, a phishing email was usually easy to detect by its poorly written content and bad spelling. There are some that still believe that this is the format of a phishing email when in reality, cybercriminals have upped their game. Nowadays, it is extremely difficult to tell a phishing email apart from a legitimate email.

The Real Problem

The real problem is undeniable…human error.

Humans are not always fully aware of the impact of cybercrime on a business, a person, and finances. As humans, we tend to only realise the seriousness of the situation once we have fallen prey to it. And even then, we forget all too quickly. In business environments, employees seem to be far more careless with emails and attachments than they would be with their own private mail or their own business.

One of the biggest mistakes that people make is using free Wi-Fi hotspots for sensitive online activities. If you are going to do online banking or enter your email and social media passwords online, it’s best to do that at home or while using your mobile service provider’s data network. The moment you carry out these activities while using a free Wi-Fi hotspot, you put yourself and all the data on your device at risk. Cybercriminals are well known for using public Wi-Fi hotspots to trick users into connecting to their network, which, of course, turns out to be malicious.

What is the Solution?

It is essential to ensure that all sensitive data is stored in the cloud rather than on a vulnerable device or storage disc. You should also ensure that all of your staff receive cybersecurity awareness training. This might sound like a huge cost and a waste of productive time, but it’s not. The more you talk about the importance of keeping your data secure, about acting responsibly with business devices, and being aware of possible risks and threats, the more you are preparing your workforce for possible attacks. You stand a better chance of thwarting a big data breach rather than spurring it on through naivety.

Last Word

While most people scroll through their inbox several times a day, few take the time to consider that an opportunistic criminal might be trying to con them. An attitude of awareness and cautiousness is essential in today’s cybercrime-rife environment.

Had a recent email cybercrime-related incident? Tell us about it!

Coronavirus helps cyber-criminals spread their own viruses

To illustrate just how opportunistic cyber-criminals have become and how much integrity they lack, let’s take a look at the latest trend of using fears of contracting the Coronavirus to spread digital viruses. If you just read that and thought “what?” don’t worry, you aren’t alone. It’s rather astounding that criminals would stoop even that low…but rest assured that they do!

Ever opportunistic, cybercriminals have recognised the social media-induced panic in people and appear to be taking full advantage of the situation by sending botnet-driven emails that carry malware and viruses.

The latest cyber-threats have seen people receiving emails that imply the attached documents include pertinent information about the Coronavirus.

What do the Coronavirus Cyber-Attack Emails Look Like?

Most cybercriminal-created emails follow a similar pattern – the main objective is to get the reader to click a link or open an attachment.

The subject of the email simply says “Notification” in Japanese. The email signature includes details of the local public health authority and includes the correct telephone and fax numbers, making them seem quite legitimate. The emails are written in Japanese, as the majority of people affected by the Coronavirus are from Asian areas. These are the prime targets.

There seem to be a number of versions of the emails doing the rounds, all of which appear to be sent from a disability welfare service provider operating in Japan. The email states that there have been confirmed cases of Coronavirus in a particular area. It then recommends that the reader opens the attached document for further details. Of course, opening the attachment is a bad idea.

Why is this Email Attack Working?

Social media has played a huge role in creating widespread fear of the virus. At every turn, the Coronavirus has taken centre stage on all the various social media platforms, which has been a contributing factor in giving the Coronavirus the fame of a global pandemic. With any contagious virus comes fear, which leads to a certain amount of fear-induced poor judgement.

Last Word

It’s always important to consider how and why an authority would email you. If you are in doubt as to the authenticity of an email, before clicking on any attachments pick up the phone and call the authority to check if they have in fact sent out a notification.

Don’t fall victim to opportunistic cyber-attacks – think twice before opening attachments and clicking on links if you aren’t certain who the content comes from.

Labour Department employee arrested for inside-job cyber-attack

Let’s talk about inside-job cyber-attacks.

Is what we hear just rumour, or is it time to consider inside-job cyber-attacks a real threat to business?

Last month, we featured a blog on how some cybersecurity threats end up being an inside job. As if to illustrate our point, the Labour Department has just had one of their employees arrested for hacking the Department of Employment and Labour’s server.

Department of Labour Gets Hacked by Sandton Employee

Unbeknown to the Department of Employment and Labour, one of their team members at the Sandton Labour Centre hacked into their server, compromising the login details and personal information of over 300 employees. The attack occurred on the 21st of January.

When the Compensation Fund Anti-Corruption & Integrity Management team was alerted to the hack, immediate action was taken.

The employee who carried out the attack was quickly identified, and was arrested on the 24th of January, just three days after the cyber-attack took place. A criminal case and in-depth investigations into the hacking are still underway.

This incident only serves to reiterate just how important it is to have security measures in place, both for external cyber-attacks and for those that could just as easily originate from within the business.

The real issue is, it would seem that more and more cybersecurity threats are inside jobs, and you can no longer assume the honesty or integrity of staff and colleagues. As a business owner, you need to implement security mechanisms to protect your business, yourself, and other employees.

What to Do When One of Your Own Turns on You

If you believe that employees are targeting your business, you need to work on a strategy that deters such behaviour. Your strategy should serve to expose those who are determined to behave in such an unscrupulous manner. Below are a few things you can do:

  • Put policies in place as to how staff members can use company laptops, computers, and other devices. Block specific URLs, and also ensure that employees are not permitted to take devices home.
  • Make sure that your employees are well educated on the possible cybersecurity risks that they might encounter. An educated employee makes fewer mistakes that might lead to a cyber-attack.
  • Track employees on the network. Make sure that employees have to access all systems with a username and password so that you can see which files they are accessing and what they are doing on the system.
  • Make sure that you have a backup system that automatically backs your data up to the cloud, daily. This means that any sensitive data on the device can be deleted or cleaned so that it doesn’t put your business at risk (or tempt hackers).

Last Word

Whether you run a small, medium, or large business, backing up your data is an essential part of your security efforts. Implement the above tips/recommendations and your business stands a better chance of defending itself against internal cyber-attacks. Make sure that you treat internal cyber risks just as seriously as you treat external threats.