Business Risk or Cyber Risk? – Digital Crime

Business Risk Management in the Age of Cybercrime

The risk of cyberattacks has never been higher, with a 23% increase in online criminal incidents affecting South Africans in 2023 alone. As the executive suite comes to terms with the high probability of cyberattacks, there’s a new realisation that these incidents are more than just an IT problem and represent one of the biggest business risks of our era.

As you plan your company’s strategy over the medium to long-term, it’s important to keep the prospect of digital crime firmly in mind in terms of risk mitigation.

Here are some compelling reasons to view cyber risks as business risks and take concrete steps to keep your data safe.

Cyber security vulnerability affects every industry

Ransomware, data leaks and breaches, and hacking attempts are having a huge impact on the online security of millions of companies worldwide. If your business has any kind of online presence or banks digitally, it’s equally at risk – and this reality needs to inform your cybersecurity planning.

Industries that deal with confidential customer financial information, including the banking sector, can become major targets for cybercriminals due to the sensitive nature of the data they handle. 

Hackers know that these organisations will be keen to recover lost customer information before it becomes a reputational and financial loss for them, and therefore look forward to a generous ransom with a high probability of the money being paid over.

The financial industry is especially vulnerable to these types of attacks with no specific legal requirements in place for banks to ensure high-level cybersecurity. 

This has prompted some commentators to suggest that SA should adopt legislation similar to the EU’s Digital Operational Resilience Act (DORA). This law sets out specific IT security standards that institutions which handle other people’s money are required to follow.

Mitigating business cyber risk

To keep your business information safe at a time when cyberattacks are increasing exponentially, it’s essential to prevent these crimes before they happen. Here’s how.

  • Prevention is better than cure. Ensure that your business is fully prepared for a cyberattack by updating your data security and keeping a constantly updated copy of your most important files. Data stored securely in the cloud will give you more options in the event of a cyberattack.
  • Obtain buy-in from executives. If your CEO or operations manager is still not taking cybersecurity seriously, presenting to them on the potential risks and the benefits of investing in secure cloud storage should be your first priority.
  • Take cybersecurity beyond the IT department. Comprehensive staff training on cybersecurity basics, as well as on how to identify suspicious messages that could be phishing attempts, is an essential step toward building a safer organisation.

Cyber security is an essential component of every company’s risk management strategy today and will only increase in importance in the future. 

Our range of secure cloud storage packages will give your organisation the peace of mind that comes from having encrypted storage to keep your sensitive data safe. Visit our product page today to learn more.

Cybersecurity Training – Cybersecurity

Top 10 Cybersecurity Awareness Pointers

Despite the best efforts of cybersecurity managers and IT departments, the wave of online attacks affecting the country shows no signs of slowing down.

As the risk of data loss and potentially becoming a victim of ransom intensifies, staff training is non-negotiable in 2024 and beyond.

Whether you have an existing cybersecurity training system in place or are still strategising, our list of top 10 priorities for cybersecurity awareness will help you to focus on issues that deliver maximal security gains.

1. Phishing

The mainstay of online criminals remains the phishing attack and the reason is simple: users still fall for it. Staff training that focuses on analysing suspicious emails and not taking action until it’s approved by management will go a long way to mitigate the damage that can be caused by fictitious communications claiming to be from banks or clients.

2. Passwords

We’ve written several articles in the past imploring companies to set up strong passwords and make use of password management systems. Unfortunately, many businesses still use weak passwords and codes which can easily be guessed. If you’re looking for a cheap, simple, and instant way to improve your cybersecurity, strong passwords are almost certainly it.

3. Removables

USB sticks and removable hard drives may be less common in the age of cloud computing, but many businesses still use them. Limiting the number of important files you keep on removable storage, password protecting and encrypting them, and deleting them on a regular basis are all important skills that all employees should be trained in.

4. Mobile devices 

The smartphones and tablets that we all use every day contain some of our most valuable business and personal information – especially with the advent of smart wallets. If they fall into the wrong hands, they can give criminals access to a company’s entire financial resources. Password protection and multi-factor authentication are no longer simply nice-to-haves when it comes to mobile devices. It’s absolutely crucial that employees be made aware of the necessity to safeguard their mobile devices.

5. Physical Cybersecurity 

Keeping your files safe in the cloud and following cybersecurity best practices doesn’t mean much if your login credentials are still being written on sticky notes and left lying around the office. The physical aspect of cybersecurity, especially for businesses that transact with cryptocurrency and have login credentials related to their crypto wallets on paper, should be emphasised very strongly when training staff members.

6. Public Wi-Fi

When travelling on business, it’s always useful to have access to public Wi-Fi, but this facility can be a double-edged sword, especially when it’s not safe from hackers and viruses. Familiarising yourself with best practices when using public Wi-Fi and discouraging your staff from connecting to it using work devices unless they’re convinced that it’s 100% safe are both good strategies.

7. Cloud Storage 

When it comes to data security, almost safe is never good enough. The only way to be truly certain that your data is safe is to have it encrypted in the cloud using immutable storage. That’s exactly what our range of secure cloud storage packages for business will give you.

8. Social media

Social media networks have become a part of our daily existence. Unfortunately, they’ve also become a prime way for cybercriminals to gain our trust and perpetrate identity theft and fraud. Staff members should be well-versed in using Facebook, LinkedIn, IG, and other social media platforms responsibly, and look out for signs of fraudulent or criminal activity when they interact with other users.

9. Remote work 

If your staff work remotely part of the time or all of the time, chances are good that they’re exposing both themselves and your business to unnecessary risks online. Every device that contains information related to your business, as well as the people who use it, needs to be operating at the highest level of cybersecurity.

Ensuring that your workers’ devices have the latest versions of firewalls, antivirus, and secure cloud storage installed, and that they know how to use devices responsibly and not allow unauthorised access by other people when working remotely, will help keep your business safe.

10. Social engineering attacks 

Impersonation attacks, social engineering, and other fraudulent tricks used by cybercriminals to gain access to your business information are on the rise. Your employees need to be primed to identify suspicious communications and trained to not execute any requests before they’ve been vetted and approved.

Keep your data safe with cloud storage

The dangers of doing business online may be increasing, but so are the opportunities to keep your data safe. 

Our range of secure cloud storage packages for businesses of all sizes will give you peace of mind as you and your team use the internet to grow your enterprise. Visit our product page today to get started.

Cybersecurity Training – A Corporate Responsibility

Meeting your corporate cybersecurity training obligations

The cybersecurity threat landscape is becoming more perilous in 2024 as the rise of AI adds a further risk dimension.

Companies are both ethically and legally required to act in order to prevent cyberattacks. While creating a safe online ecosystem for business to take place is a noble aim, the POPI Act compels businesses to take concrete measures to protect sensitive business and client data.

Failure to comply with the POPI Act could result in fines of up to R10 million and possible jail time, making it even more crucial to train your staff comprehensively. 

In this article, we look at the need for proactive cybersecurity training and what aspects your business should focus on.

The new threat of AI 

The availability of generative AI means that language models are potentially being used to create extremely convincing phishing emails and other fraudulent documents. These may be indistinguishable from a credible internal communication or message from a client, increasing the likelihood of cyberattacks hitting their mark: overly trusting employees.

Data from the South African Banking Risk Information Centre shows cyberattacks in South Africa up by 22% in 2023. 

Of particular concern are phishing and ransomware crimes, with the number of victims who made ransomware payments having risen by 20% in 2023 alone.

To avoid a situation where unsuspecting employees are implicated in cyberattacks and face severe consequences, including dismissal and possibly criminal action, companies need to ensure that their teams are well trained in all aspects of cyberthreat awareness and risk management.

In general, many attacks tend to take place not because employees were in cahoots with cybercriminals, but simply because they were fooled by them.

Preventing this type of incident may not be easy, but companies that can identify the most common online security mistakes made by their staff have a better chance of correcting them through positive training.

With new employees, this type of training should take place during the onboarding process, with existing staff regularly upskilled so that all teams have up-to-date cybersecurity awareness and are fully prepared to handle sensitive data with the utmost caution.

Critical training focus for enhanced cybersecurity

Weak passwords 

  • Choosing a password that you can remember is important, but some employees still opt for the trusty old “12345” or “password”, which are incredibly easy for cybercriminals to guess.
  • Additionally, others may choose a strong password but render it useless by writing it down on a sticky note displayed in the office. This could easily come to the attention of the wrong person and result in a data breach. 
  • Staff members should choose long passwords with a mix of numbers, letters, and symbols, and secure their devices using two-factor authentication whenever possible.

Sharing passwords

  • Employees who use the same computer or device may end up sharing a login password out of necessity. 
  • A clear solution for this problem is to issue each employee with their own device or let them bring their own. 
  • If they do share a computer, it’s essential for each user to have individual logins with credentials that only they know. 

Unauthorised users accessing work devices

  • Employees may think it’s harmless to take the company laptop home and let their children use it to write school reports or browse the internet, but if the device becomes subject to a cyberattack, the unauthorised user could get the employee in serious hot water.
  • Separating work and play devices is essential not only to protect company data but also to prevent family members from being implicated in a cybercrime. 

Don’t forget to cover the cybersecurity basics for peace of mind 

Failing to update security software, running outdated firewalls, and relying on physical storage alone are some other ways that staff members could unknowingly open the door to cybercrime.

Soteria’s range of secure backup solutions takes the guesswork out of keeping your files safe in the cloud. Learn more about our packages for businesses of all sizes by visiting our website today.

Cybersecurity Awareness

Creating a Culture of Cybersecurity Awareness

In 2004, October was declared to be “Cybersecurity Awareness Month” – a time for the private and public sectors to work together in raising awareness about the importance of cybersecurity. With 89% of South African senior management and company directors saying they’re worried about their company’s data security measures, cybersecurity is clearly one of the biggest concerns on the minds of executives this year.

While technical solutions including secure cloud storage can help to create a wall around your data, your company’s cybersecurity culture will determine who manages to climb over it – or even walk straight through an open door.

In this article, we take a step back from the tech aspect of cybersecurity to address the all-important question of company culture. Here’s how you can create an organisation that is data savvy and cybersecurity conscious to reduce the risk of a financially damaging cybersecurity incident.

Cybersecurity is a company-wide priority

The potential for cyberattacks is higher than ever before, with South Africa registering the greatest number of these crimes in Africa.

Despite the well-known threats of online fraud and data theft, cybersecurity is overlooked by many departments in the average company and is often seen as the IT department’s problem.

That is, until a cyber-attack occurs, and it quickly becomes everyone’s problem.

  • There’s no doubt that having an IT specialist trained in cybersecurity may give your business an edge when it comes to threat detection and prevention, but that’s not all it takes.
  • In order to create an effective company-wide, best practice cybersecurity policy, the top management of your business will need to lead from the front.

Making cybersecurity a priority in the boardroom and setting an example for teams and employees is the first crucial step in creating a culture of data savvy cyber safety in your business.

Cybersecurity can be fun if you do it right

One of the main reasons why companies have trouble implementing anti-cybercrime measures is that the training often seems technically complicated and boring to employees who don’t have a strong IT background.

The fact that most cyberattacks take place through social engineering means that there’s usually a fascinating story behind them.

Engaging your marketing department to collaborate with IT or your cybersecurity consultant to create engaging materials and company-wide projects and campaigns is a great way to start. These efforts should encourage workers to take digital security seriously and identify the tell-tale signs of a cyberattack.

Keeping it clean

They say that change is as good as a holiday, and changing bad cybersecurity habits within a company by creating a culture of awareness could just be the break you need.

Cyber-hygiene is a mindset, but it needs to be taught. Using examples of daring online scams and hacking incidents that have an amusing twist can be a memorable and creative way to build security-centric habits.

Investing in the right cybersecurity setup is essential

A security-conscious tech culture in your business needs to be paired with the latest cybersecurity defences in order to create a powerful barrier against online crimes.

Our range of secure cloud storage and backup packages for households and businesses runs the latest generation of encrypted data storage software to help you stay one step ahead of the hackers. We also offer immutable storage as an extra layer of protection to help your sensitive files stay out of the wrong hands.