Free VPN – Cyber Risk

Beware the Cyber Risks of Using a Free VPN

VPN (virtual private network) services are extremely common in this age of privacy concerns, offering a quick and easy way for internet users to avoid tracking and geographic profiling when they access online services.

Unfortunately, free VPNs come with a host of potential security risks and could even make your internet browsing less secure than it was before you started using them.

Here are some of the threats that come with free VPNs and how you can avoid them.

Nothing for Nothing: You May Be Paying for Your Free VPN with Your Private Information

Whoever said that the best things in life are free clearly wasn’t an expert on cybersecurity. In the realm of VPN providers, there’s a direct correlation between the cost of service and the safety of use.

While free VPNs may seem like a good idea, web users should always ask themselves: if it’s free, how does the company make money?

  • In most cases, free VPN providers generate their income from selling access to your time, attention, and sometimes even your data
  • Free VPN services tend to bombard your browser with ads, giving advertisers full access to you as a captive audience while you use the service
  • Some of these ads may be suspicious in nature, with malware waiting to infect your device once you click on them.

Worryingly, some free VPNs may even sell your private data or internet browsing information to third parties or allow hackers to hijack your device. Recently. researchers found 28 free VPN apps on Google Play that had links to cybercrime networks.

Given that these providers are almost always located outside of the country, any form of legal recourse you may seek against them could be highly difficult, if not impossible, if your private information is compromised.

Why It’s Worth Investing in a Paid VPN

Like most things in the market, premium VPNs, which require a purchase or subscription fee, are more likely to offer safe and effective services.

  • By opting for a paid VPN, you can rest easy knowing that you won’t be bombarded with unwanted ads and that the company has no incentive to sell your data to third parties
  • In fact, they have every reason to keep your data safe by investing in advanced cybersecurity for users of their service

Paid VPNs bring several benefits, primarily privacy when browsing online, and can be an integral part of a comprehensive cybersecurity strategy for individuals and companies alike.

Boost Your Data Security

To further boost data security, we recommend browsing our range of secure cloud storage packages for households and businesses of all sizes. As we said earlier, nothing good comes for free but our lineup of automated backup solutions offers an affordable monthly storage option that’s ideal for any organisation.

Data Security | Cloud Backup

Data security to safeguard your information and reputation

Data security is an essential part of every company’s risk management strategy, and securing your business information will nett you a lot more than a good night’s sleep:  it will also safeguard your company’s reputation in the marketplace.

As we look forward to a prosperous 2024 filled with business opportunities, it’s important to recognise the very real risk that cybercrime poses to organisations in South Africa. Keeping your company information safe from ransomware attacks with business backups should be the top priority of every IT department and business owner this year.

The double risk of a cyber-attack: Data and reputational losses

There’s no denying that we all live and work in an era where data is as precious and valuable as money. Any company that has been the victim of a ransomware or cyberattack and has lost several months’ worth of revenue can attest to this fact.

More alarmingly, the financial losses caused by a cyberattack may pale in comparison to the long-term effect it could have on a company’s reputation and ability to attract clients.

  • The importance of data in our daily lives, and the crucial role it plays in the running of our businesses, means that any company which takes private data into its care needs to be ready and willing to protect it at all costs.
  • Clients are naturally concerned about the safety of their sensitive data – especially if it’s financial in nature. This is especially true in light of South Africa’s growing reputation as a cybercrime hotspot.
  • Having enhanced data security will give your business an instant credibility boost and put your clients’ minds at ease, potentially leading to longer term business relationships and more referrals.

On the other hand, failure to do so could result in a huge PR scandal when a breach or cyber-attack takes place, potentially placing sensitive information of customers in the hands of criminals.

Immutable storage boosts data security for peace of mind

Recognising the threat that cyberattacks pose is a good first step to protecting both your data and good name, but what steps can businesses take to add an extra layer of security to their accumulated client data?

  • Immutable storage is a high-tech encryption system that makes it impossible for data to be altered once it enters the cloud.
  • As one of the few effective ways to stop cyber-attacks in their tracks, this technology is becoming the gold standard at data centres around the world.

If your company handles any kind of sensitive data – be it your own or your clients – you simply can’t afford to risk your reputation in the event of a major breach.

Soteria has integrated immutable storage into our range of packages for businesses of all sizes. Visit our website today to discover the solution that suits your company’s needs.

Financial Data Security | Hackers

Hackers Claim Massive Financial Data Compromise

Millions of South Africans rely on the credit bureaus TransUnion and Experian to calculate their credit scores and give them access to financing from banks and other lenders. In a shock announcement, a Brazilian hacking group known as N4ughtySecTU declared that it had compromised the entire database of both credit bureaus and taken control of every South African financial services customer’s details as a result.

Let’s take a look at the validity of this claim, find out how Experian and TransUnion are responding to it, and discuss what this means for financial data security in the sector.

SA’s confidential credit information hacked – again

The financial industry, which has a responsibility to keep the data of millions of credit customers safe, is constantly on the alert for a nightmare scenario in which the entire system and its data falls into the hands of cybercriminals. In late November, hackers, allegedly affiliated with N4ughtySecTU, claimed that they had done exactly that

The group reached out to local journalists and made several online posts to the effect that it had captured the cumulative information of all South African credit users. They then demanded an eye-watering ransom of $60 million, failing which the data would be released on the dark web.

The claim made headlines and sent shockwaves through an industry which had just been recovering from an attack by the same group in which TransUnion’s database was compromised. The privacy of millions of South African customers was compromised in the attack, with hackers going so far as to steal President Cyril Ramaphosa’s private details.

Credit bureaus fail to confirm a cyberattack, ransom amount may be unpayable

Neither Experian nor TransUnion have confirmed that a large-scale cyberattack took place at all.

As many experts have pointed out, the enormous ransom amount being demanded – which exceeds R1 billion at the current dollar exchange rate – would be nearly impossible to pay, even if the story turned out to be true.

This has led to speculation that the ransom demand is simply an online scam designed to scare the bureaus into paying “hush money” to the hacker group.

Spotlight remains focused on cybersecurity in the financial sector

While this story evolves, cybersecurity experts in the financial industry will be reviewing their security measures to ensure that a similar attack – be it real or fake – doesn’t affect the banking and insurance sector in the future.

  • As a bank and credit customer, you may not have full control over how your information is handled by credit bureaus – but you can take proactive steps to guard both your own sensitive data and that of your clients.
  • It’s essential to confirm all correspondence from the bank – including banking app sign in messages – to guarantee that they’re genuine. When in doubt, call your branch for assistance.
  • If you receive a message saying that your personal data has been compromised, treat it with suspicion too. Contact the sender by Googling their official phone number and don’t respond directly to the number or email address that the message was sent from.
  • Business owners should note that failure to protect client data can result in a major violation of the PPI Act, with potential fines running into millions of Rands.
  • Maintaining multiple copies of data and ensuring that at least one is backed up in the cloud using secure encrypted storage is essential for every business today.

Don’t let cybercrime concerns prevent you from doing business in 2024. Our range of secure cloud storage packages are the ideal way to level up your data security.

The 7 Types Of Data Security That Matter

The 7 Types Of Data Security That Matter

With the huge wave of cyberattacks sweeping South Africa today, there’s hardly a single business owner who doesn’t recognise the importance of data security. But knowing that something is necessary and knowing how to implement it are two different things.

In this article, we cut through the sea of information on cybercrime and identify the 7 types of data security that will have the biggest impact on your company’s online safety.

Here are the factors that make the biggest difference and how you can make sure you are covered on each one.

Access Control

Going to sleep with the front door open is an invitation to criminals, and yet that’s exactly what many businesses do every day by failing to secure access to their data.

Strong passwords, firewalls, anti-malware, software, and secure cloud storage are all measures you can take to ensure that only authorised users have access to your company’s information.

Authentication

Once the front door of your company’s data is locked, you need to verify the identity of anyone who knocks on it and wants to come in.

User authentication, preferably using multiple factors to avoid impersonation crimes, is a crucial step to take in order to protect your data from online intruders.

Disaster Recovery and Backups

No matter what steps you take to protect your data, the sheer number of cyberattacks affecting South African businesses today proves yet again that cybercrime can and will happen.

If the worst case scenario comes to pass and your company becomes the victim of a cyberattack, the best response you can mount is to close off access to your data and have a clean copy of all your files for easy restoration.

Encrypted backup and secure cloud storage are the gold standard when it comes to the strategy and our range of packages for businesses of all sizes are the ideal way to get started.

Data Resiliency

Should a cyberattack occur, you need to know that you have access to your data no matter what. There are many strategies you can use to achieve this, but one of the more popular ones is the 321 method.

You should have three copies of every file: two on separate media, and the final one in the cloud.

An encrypted backup solution that syncs with your cloud-based apps and devices is the ideal way to track multiple versions of this data and ensure that they’re all updated.

Data Masking

When you share information with people outside your organisation, it’s essential to mask your data so that it can’t be used by cybercriminals.

This includes stamping any digital versions of your company documents and logos with a ”sample” watermark and never using your real data when making presentations at conferences or posting online.

Even innocent-seeming company information can be used by cybercriminals to find out crucial information about your business and plan an attack.

Data Erasure

When you stop using any device, even a wi-fi router, the first thing to do is wipe the bar drive and other storage so that your files are permanently removed – but there’s a better way to do this than normal formatting.

Data erasure removes files and rearranges the code that was used to store them so that no trace of the original file can be found and used by cybercriminals to piece together your data.

Encryption

When it comes to storage, you’ll want to ensure that all your files are encrypted, so that only you and authorised members of your company can access them.

Our range of secure cloud storage solutions feature encrypted data management and immutable coding for added security.

Keeping your data safe is far easier when you know what factors to consider. By covering the bases above, you’ll be in a stronger position to avoid and respond quickly to potential cyberattacks.

Data Encryption | Data Security

Data Encryption Matters – How Treasury Plans to Get SA off the Grey List

National treasury has announced a raft of changes to SA banking legislation, in order to comply with international requirements and remove the country from the Financial Action Task Force (FATF) grey list.

In February 2023, FATF placed South Africa on a list of countries that includes Jamaica, Morocco, Barbados, and the UAE, citing problems with the local banking industry’s measures to combat money laundering and terrorist financing.

This decision could have a potentially huge impact on the economy and even prevent foreign funds from investing in the long-term.

In response to the decision, the SA government has announced a variety of changes to the law, especially where personal and commercial financial services are concerned, and this is sure to have an impact on the data security industry.

Banks set to share more financial data than ever

One of the biggest changes to the South African banking landscape in the wake of greylisting will be enhanced sharing of financial information between banks and other institutions.

This is designed to identify illicit transactions since criminals tend to have multiple bank accounts when carrying out money laundering activities and linking them to their true owners is the first step in combating these crimes.

From a cybersecurity point of view, this essential measure presents a huge challenge in terms of securing privacy and personal data.

  • Some banks still use outdated, mainframe computers with software that is several decades old. These will need to be updated to ensure compatibility with cybersecurity measures.
  • The flow of sensitive information between banks could create the potential for massive data leaks, breaches, and hacking attempts, which could see crucial financial information falling into the hands of cybercriminals.

Data encryption is essential as financial information flows rapidly

Before SA can leave the grey list, we expect the naming industry to revamp its IT policies and embrace encrypted cloud security solutions as an industry best practice.

While banking customers can’t fully control the way their institutions share information, there certainly are things that can be done to protect your personal financial data online.

Soteria’s range of secure cloud storage packages offers an easy solution for your data security needs. Choose the option that suits your business, budget, and storage requirements today for total peace of mind.

Proactive approach to cybercrime | Cybersecurity

Cybersecurity: Time to take a proactive approach to Cybercrime

Cybercrime is big business, costing its victims a total of $8.44 trillion worldwide in 2022 according to data from Statista.

The traditional IT-driven security solutions that have been used as a defence against online crimes no longer make sense at a time when they are so easily overcome – but a risk approach founded on business principles for data defence and recovery can help your organisation stay safe online.

Let’s take a look at a new angle that the IT department can use when assessing very real cyberthreats. Here’s why cyber defence needs to make business sense and not only data security sense.

Data security beyond the iron wall

The traditional IT security approach which employed firewalls and antivirus software as a method of keeping the hackers out has become less effective in recent years.

The evidence for this is clear to see when we consider the  huge spike in cyber-attacks across the world over the past decade, despite constant updates in these traditional technologies.

  • Instead of this rigid approach, a multi-layered security solution that emphasizes flexibility and rapid reconfiguration is key to addressing data vulnerabilities in 2023 and beyond.
  • Using AI and other smart technologies to monitor your network, analyse traffic and data access patterns, and spot cyber-attacks before they happen is the next level of cybersecurity. This is akin to marketing metrics and financial risk analysis, where constant monitoring and taking are keys to success.
  • A major  part of this approach involves spotting vulnerabilities in your network before the hackers do. This can help to uncover zero day attacks and other unseen threats using comprehensive network analysis.

Case study: are your backups safe from hackers?

A worrying recent trend has seen hackers target companies’ data backups.

The thinking  behind this makes perfect sense from the cybercriminals point of view: if companies have backups in place they’ll be less likely to pay the ransom.

  • Next-level attacks will compromise backups to render organisations helpless and force them to pay up.
  • 93% of organisations surveyed recently said that hackers had tried to compromise their backups, with 73% saying the attempts were partly successful.

Simple backups – especially using physical storage held on the premises – are not going to remain safe in the era of advanced cybercrime. Continuous backups using encrypted technology is the best way to keep a current copy of all critical company data safe and available at all times.

At Soteria we take the safety of your data seriously. That’s why we encrypt all the backups on our servers with the latest encryption technology to keep hackers at bay. Learn more about our secure cloud storage solutions on our website and stay one step ahead of the cybercrime wave.

Risks of data security | cloud security

The 4 main risks of data security in the cloud

Secure cloud storage has revolutionised the way organisations store their data.

From small businesses moving away from USB sticks and hard drives to embrace the cloud to huge corporations with their own data centres, the safety and reliability of storing data remotely is undeniable – but that doesn’t stop cybercriminals from trying their luck.

The harsh reality of today’s online world is that no matter how hard we try to secure online assets, cybercriminals are working around the clock to penetrate our defences. In this article, we take a look at the four main data vulnerabilities faced by companies and other organisations and how you can protect your sensitive information from being compromised.

The key elements of cloud security

Every effective secure data storage system needs to have five pillars in place in order to function:

  • Data security and privacy
  • Identity and access management
  • Network security
  • Vulnerability reduction
  • Regulatory compliance

Simply put: your business will need to ensure information safety, with only authorised staff members having access to it on a secure network that has been designed to combat cybercrime while remaining compliant with legislation like POPI.

Unfortunately, having a system like this requires constant vigilance because cybercriminals keep finding new ways to bypass existing security.

Here are some of the main vulnerabilities you’ll need to look out for as you strengthen your network.

The 4 biggest cloud security risks – and how to minimise them

1. Unauthorised access

Effective passwords and multi factor authentication are two essential steps you can take to keep unwanted eyes off your sensitive business data.

2. Data breaches

Employee education to help prevent social engineering attacks and a strict work email policy could be the most effective ways to avoid data breaches.

3. Data loss

If the worst-case scenario occurs and your business is targeted by hackers, identifying the lost data and recovering it will be priority number one. Secure cloud backup can be a lifesaver in this situation.

4. Data privacy violations

Lost data belonging to third parties like your customers’ needs to be reported to the authorities ASAP. The newly implemented POPI Act means that failure to do this correctly could result in hefty fines – and possibly even jail time.

Secure cloud storage solutions like ours put you in the best position to recover from a cyberattack. Browse our packages today to secure your valuable digital assets.

UK Data Breach | Hacker Cybercrime

Russian Hackers Claim Security Breach at BA, Boots and BBC

Russian hackers have struck at the heart of the UK’s business sector in a brazen attack on the BBC, popular pharmacy chain Boots, and British Airways, the country’s national carrier.

The attack was perpetrated by clOp Group, a well-known Russian cybercrime syndicate. The hackers targeted the “Three Bs” at a time when Britain is reeling from the effects of a cost of living crisis and the Russian war with Ukraine continues to divide public sentiment in Europe.

More than 100 000 employees’ personal information is said to have been compromised in this attack, with cybercriminals giving the companies until the middle of June to respond and begin negotiating their ransom.

how hackers penetrated three of Britain’s biggest brand names

Despite companies investing millions in cybersecurity, data breaches and ransomware attacks against prominent businesses continue to make the headlines.

  • Like many well-known cyberattacks, the recent data raid on some of Britain’s best-known brands was carried out using a vulnerability in an obscure piece of software, MOVEit.
  • The attack compromised Zellis, a trusted supplier of payroll services to the three Bs and reveals a new evolution in the future of cybercrime.
  • MOVEit may not be a familiar app to many of us, but it’s commonly used by enterprises to transfer files internally on their servers.
  • Hackers working for clOp exploited a vulnerability in the program and used it as a gateway to access a wealth of employee data which was later put up for ransom on the dark web.

As this case vividly illustrates, even seemingly secure software designed for enterprise use can contain weak links in the chain that cybercriminals can use to access valuable data. It also shows how cybercriminals are experimenting and learning from previous supply-chain attacks, targeting a mass -attack through one organisation to exploit a chain.

Improvements and patching can help close these loopholes, but it’s likely that hackers will simply find the next vulnerability to exploit. As the arms race ramps up, data belonging to businesses just like yours could be caught in the crossfire.

time to take data security seriously with encrypted cloud storage

The attack on Boots, British Airways, and the BBC was an attack on Britain’s sense of cyber safety.

Similar attacks have already occurred in South Africa, and as one of the countries with the highest incidence of cybercrimes in the world last year these events are only likely to become more common.

To protect your business data from a cyberattack in a landscape where falling victim to one is becoming extremely likely, you’ll need to keep it securely in the cloud in encrypted format.

Our range of secure cloud storage packages provide a virtual vault where your data can be accessed after a cyberattack – allowing you to get back to business sooner rather than later.

Data Cloud Threats | Cloud Storage

2023 data cloud threats hang dark 

A record number of organisations are choosing to store their data in the cloud, and the risk of hacking and cybercrime events is likely to keep trending upwards. With South Africa ranking in the top 10 of the most costly countries for data breaches, and the only southern hemisphere country to be listed, the financial burden on companies is high.

The 2023 Veeam Cloud Protection Trends Report reveals interesting insights about the state of the cloud storage industry and should raise the alarm for any organisation that relies on unencrypted online storage, while giving confidence to those who placed their trust in secure, encrypted backup solutions.

In this article we take a brief look at the report, highlight its main findings, and find out what they mean for your company’s data safety.

cloud storage becomes ubiquitous, but security lags behind

The Veeam report surveyed almost 2 000 IT professionals in the United States and found that up to 98% of businesses now rely on some form of cloud storage. While the latest data for South Africa is not yet available, it’s not difficult to predict that local trends are moving in the same direction with digital transformation beginning and ending in the cloud.

The benefits of cloud-based data storage, including access to data on demand, shareability across teams and platforms, and gains in productivity for remote workers, mean that the days of physical storage are rapidly coming to an end.

Looking at the report closely, one of the biggest contrasts can be observed between companies that opt to use cloud storage and those that have adopted adequate security.

Despite almost 100% of organisations surveyed reporting that they use some form of cloud storage:

  • 34% of respondents think their cloud-hosted files are safe or do not need to be backed up
  • 15% believe the same about their cloud-hosted databases.

Interpreting this data from a cybersecurity point of view, for every hundred companies out there, 15 to 34 are facing potential cybersecurity threats due to inadequately secured data.

With businesses relying on cloud storage to a large extent, quick action to close data security gaps should be priority number one this year.

data security is non-negotiable in 2023

Cybercriminals follow the money and human error – so expect to see more cloud credential theft and ransomware attempts in 2023 as criminals trawl the web for opportunities to exploit any lack of security.

If your business uses cloud storage, it absolutely has to be secure. Encrypted data, which is difficult for cybercriminals to decode, and next level technology like immutable storage are essential aspects of any effective data backup solution in 2023.

Soteria Cloud provides a range of secure cloud storage and backup solutions for households and businesses of all sizes. To ensure that your data remains safe in a year that’s set to see a spike in cyberattacks, browse our range of cloud storage packages today.

Twitter data breach | Data breach  

Twitter data breach leaves 5 million users at risk

Twitter has revealed that a major data breach in January resulted in more than 5,4 million users’ personal data being lost to hackers. To make matters worse, this information is now being given away on the dark web – potentially putting millions of phone numbers and email addresses at risk of being compromised.

The social media giant, which was recently acquired by Elon Musk, is undergoing a dramatic restructuring as it struggles to retain advertisers.

This latest revelation about data security will add a further layer of challenges to the task ahead for Multi-billionaire Musk and his latest acquisition, as the company does damage control to regain user trust.

One cybersecurity slip up compromises millions of accounts.

Every business handles customer data, but when it comes to social media giants like Twitter, the sheer volume of sensitive information is staggering.

With almost 400 million registered users worldwide the platform is a major target for cybercriminals, and once in a while they manage to breach the company’s powerful online defences.

January’s incident, which was carried out by exploiting an API vulnerability, resulted in millions of users entering sensitive information only to have it stolen by hackers.

The feature that allows Twitter users to find the Twitter ID of other users by submitting their email address or phone number proved to be especially vulnerable to attack. This flaw in the platform’s API mirrors recent incidents in which location-enabled apps like EskomSePush and WeChat have been used by criminals to carry out a variety of illegal activities.

Stay safe while you get social

Keeping your personal data safe when using social media apps is essential in the current cybersecurity climate. Here are some tips that will help keep hackers away.

  • Change your passwords. You should aim to do this at least once a year, with once every three months being ideal.
  • Opt for two factor authentication. This will help ensure that you and only you have access to your account.
  • Beware suspicious messages and emails. You’ll never be required to provide your login details via email. If you can’t do it using the app, it’s probably not legit.

About Soteria Cloud

Based in Cape Town, Soteria offers a full range of cloud storage packages suited to the needs of businesses and families alike. Keep your data safe in the cloud with us.